Display the following information for MACsec enabled interfaces:
MACsec status
MACsec encryption status
CAK in MD5 checksum format
show macsec status
show macsec status {slot/port[/sub-port][-slot/port[/sub-port]][,...]}
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
None
User EXEC
This command does not apply to all hardware platforms. For more information about feature support, see Fabric Engine Feature Support Matrix.
The show macsec status command displays the following information:
Output field |
Description |
---|---|
PortId |
Specifies the port ID number. |
MACSEC Status |
Specifies whether MACsec is enabled. |
Encryption Status |
Specifies whether encryption is enabled. |
Replay Protect |
Specifies whether replay protection is enabled. |
Replay Protect Window |
Specifies the size of the replay protect window. |
Encryption Offset |
Specifies the number of unencrypted bytes that precede MACsec encryption. |
Cipher Suite |
Specifies the encryption algorithm used to encrypt traffic on an Ethernet link that is secured with MACsec. |
CA Name |
Specifies the name of the Connectivity Association. |
MKA-Profile Name |
Specifies the name of the MKA profile applied to the port. |
MKA Connect Status |
Specifies the MKA connection status. |
The following example displays MACsec status for all ports:
Switch:1#show macsec status ========================================================================================================================== MACSEC Port Status ========================================================================================================================== MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile MKA Connect PortId Status Status Protect Protect W'dow Offset Suite Name Name Status -------------------------------------------------------------------------------------------------------------------------- 1/13 disabled disabled disabled -- none AES-128 NIL -- -- 1/14 disabled disabled disabled -- none AES-128 NIL -- -- 1/15 enabled disabled enabled 50 ipv4Offset(30) AES-256 mkanka extreme pending
The following example displays MACsec status for a specific port:
Switch:1#show macsec status 1/13 ========================================================================================================================== MACSEC Port Status ========================================================================================================================== MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile MKA Connect PortId Status Status Protect Protect W'dow Offset Suite Name Name Status -------------------------------------------------------------------------------------------------------------------------- 1/13 enabled disabled enabled 50 ipv4Offset(30) AES-256 mkanka extreme pending