Use the following procedure to enable or disable encryption on a MACsec capable port. The default is disabled.
If you disable encryption, MACsec forwards traffic in clear text. You can view that data that is not encrypted in the Ethernet frame that travels across the link. Even if you disable encryption the MACsec header applies to the frame and integrity checks make sure that traffic has not been tampered with.
enable
configure terminal
interface GigabitEthernet {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}
Note
If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
Configure MACsec encryption on a port:
Switch:1>enable Switch:1#configure terminal Switch:1(config)#interface gigabit 1/2 Switch:1(config-if)#macsec encryption enable