MAC Security (MACsec) is an IEEE 802® standard that allows authorized systems in a network to transmit data confidentially and to take measures against data transmitted or modified by unauthorized devices.
The switch supports the following statistics that provide a measure of MACsec performance.
Statistics |
Description |
---|---|
TxUntaggedPkts |
Specifies the number of transmitted packets without the MAC security tag (SecTAG), with MACsec disabled on the interface. |
TxTooLongPkts |
Specifies the number of transmitted packets discarded because the packet length is greater than the Maximum Transmission Unit (MTU) of the Common Port interface. |
RxUntaggedPkts |
Specifies the number of received packets without the MAC security tag (SecTAG), with MACsec not operating in strict mode. |
RxNoTagPkts |
Specifies the number of received packets without the MAC security tag (SecTAG), with MACsec operating in strict mode. |
RxBadTagPkts |
Specifies the number of received packets discarded with an invalid SecTAG or with a zero value Packet Number (PN)/invalid Integrity Check Value (ICV). |
RxUnknownSCIPkts |
Specifies the number of packets received with an unknown Secure Channel Identifier (SCI) and with MACsec not operating in strict mode. |
RxNoSCIPkts |
Specifies the number of packets received with an unknown Secure Channel Identifier (SCI) and with MACsec operating in strict mode. |
RxOverrunPkts |
Specifies the number of packets discarded because the number of received packets exceeded the cryptographic performance capabilities. |
Statistics |
Description |
---|---|
UnusedSAPkts |
Specifies the summation of received unencrypted packets on all SAs of this secure channel, with MACsec not in strict mode. |
NoUsingSAPkts |
Specifies the summation of received packets that were discarded along with either encrypted packets or packets that were received with MACsec operating in strict mode. |
LatePkts |
Specifies the number of packets received that have been discarded for this Secure Channel (SC) with Replay Protect enabled. Note:
Replay Protect is supported only by MACsec configurations using MACsec Key Agreement (MKA) protocol. |
NotValidPkts |
Specifies the summation of packets that were discarded in all SAs of the SC because they were not valid with one of the following conditions:
|
InvalidPkts |
Specifies the summation of all packets received that were not valid for this SC, with MACsec operating in check mode. |
DelayedPkts |
Specifies the summation of packets for this SC, with the Packet Number (PN) of the packets lower than the lower bound replay protection PN. Note:
Replay Protect is supported only by MACsec configurations using MKA protocol. |
UncheckedPkts |
The total number of packets for this SC that:
|
OKPkts |
Specifies the total number of Integrity Check Validated (ICV) packets for all SAs of this Secure Channel. The number of octets of User Data recovered from received frames that were integrity protected but not encrypted. |
OctetsValidated |
Specifies the number of octets of plain text recovered from received packets that were integrity protected but not encrypted. |
OctetsDecrypted |
Specifies the number of octets of plain text recovered from received packets that were integrity protected and encrypted. |
Statistics |
Description |
---|---|
ProtectedPkts |
Specifies the number of integrity protected but not encrypted packets for this transmitting SC. |
EncryptedPkts |
Specifies the number of integrity protected and encrypted packets for this transmitting SC. |
OctetsProtected |
Specifies the number of plain text octets that are integrity protected but not encrypted on the transmitting SC. |
OctetsEncrypted |
Specifies the number of plain text octets that are integrity protected and encrypted on the transmitting SC. |
Statistics |
Description |
---|---|
MKPDUs Validated & Rx |
Specifies the number of MACsec Key Agreement Protocol Data Units (MKPDU) validated and received. |
Rx Distributed SAK |
Specifies the number of Secure Association Keys (SAK) received. |
MKPDUs Transmitted |
Specifies the number of MKPDUs transmitted. |
Tx Distributed SAK |
Specifies the number of SAKs transmitted. |