Display information about Media Access Control Security (MACsec).
show macsec
None
User EXEC
The show macsec command displays the following information:
|
Output field |
Description |
|---|---|
|
Connectivity Association Name |
Specifies the name of the connectivity association (CA). |
|
SHA-1 Connectivity Association Key Hash |
Specifies the CA hash key. |
|
AN_Mode / TxKeyParity |
Specifies the CA mode and transmission key parity value. |
|
Port Members |
Specifies the ports that are members of a CA. |
|
PortId |
Specifies the port ID. |
|
MACSEC Status |
Specifies whether MACsec is enabled on a port. |
|
Encryption Status |
Specifies whether encryption is enabled on a port. |
|
Replay Protect |
Specifies whether replay protection is enabled. |
|
Replay Protect W'dow |
Specifies the maximum acceptable difference in packet ID numbers between out of order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, the packet is dropped. |
|
Encryption Offset |
Specifies the number of bytes after the Ethernet header from which data encryption begins. Possible values are 30 (IPv4 plus TCP/UDP header) and 50 (IPv6 plus TCP/UDP header). The default is no offset. |
|
Cypher Suite |
Specifies the cipher suite for encrypting traffic with MACsec. The following cipher suites are supported:
The default is the AES-GCM-128 standard. |
|
CA Name |
Specifies the name of the connectivity association. |
|
MKA-Profile Name |
Specifies the MKA profile name. An MKA profile name consists only of alphanumeric characters (0-9, A-Z, and a-z). The profile name is case sensitive. |
|
MKA Connect Status |
Specifies the MKA connection status. |
The show macsec command displays the following information:
Switch:1>show macsec
====================================================================================================
MACSEC Connectivity Associations Info
====================================================================================================
Connectivity SHA-1 Connectivity AN_Mode / Port
Association Name Association Key Hash TxKeyParity Members
----------------------------------------------------------------------------------------------------
conn1 550e0fb1dec7eaa40a473b09790c8745 4AN / Even
All 1 out of 1 Total Num of Macsec connectivity associates displayed
==========================================================================================================
MACSEC Port Status
==========================================================================================================
MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile MKA Connect
PortId Status Status Protect Protect W'dow Offset Suite Name Name Status
----------------------------------------------------------------------------------------------------------
1/1 disabled disabled disabled -- none AES-128 Nil -- --
1/2 disabled disabled disabled -- none AES-128 Nil -- --
1/3 disabled disabled disabled -- none AES-128 Nil -- --
1/4 disabled disabled disabled -- none AES-128 Nil -- --
1/5 disabled disabled disabled -- none AES-128 Nil -- --
This command does not apply to all hardware platforms. For more information about feature support, see Fabric Engine and VOSS Feature Support Matrix.