show macsec status

Display the following information for MACsec enabled interfaces:

Syntax

Command Parameters

{slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.

Default

None

Command Mode

Privileged EXEC

Command Output

The show macsec status command displays the following information:

Table 1.

Output field

Description

PortId

Specifies the port ID number.

MACSEC Status

Specifies whether MACsec is enabled.

Encryption Status

Specifies whether encryption is enabled.

Replay Protect

Specifies whether replay protection is enabled.

Replay Protect Window

Specifies the size of the replay protect window.

Encryption Offset

Specifies the number of unencrypted bytes that precede MACsec encryption.

Cipher Suite

Specifies the encryption algorithm used to encrypt traffic on an Ethernet link that is secured with MACsec.

CA Name

Specifies the name of the Connectivity Association.

MKA-Profile Name

Specifies the name of the MKA profile applied to the port.

Example

The following example displays MACsec status for all ports:

Switch:1#show macsec status

====================================================================================================
                               MACSEC Port Status
====================================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher     CA       MKA-Profile
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name
----------------------------------------------------------------------------------------------------
1/1      enabled    disabled   disabled      --             none          AES-128    SMLTCONN mkapro1
1/2      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/3      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/4      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/5      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/6      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/7      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/8      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/9      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/10     disabled   disabled   disabled      --             none          AES-128    Nil      --
1/11     disabled   disabled   disabled      --             none          AES-128    Nil      --
1/12     disabled   disabled   disabled      --             none          AES-128    Nil      --
1/13     disabled   disabled   disabled      --             none          AES-128    Nil      --

--More-- (q = quit)

The following example displays MACsec status for a specific port:

Switch:1>show macsec status 1/1

=======================================================================================================
                               MACSEC Port Status
=======================================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher     CA       MKA-Profile
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name
-------------------------------------------------------------------------------------------------------
1/1      enabled    disabled   disabled      --             none          AES-128    SMLTCONN mkaprof1