Display the following information for MACsec enabled interfaces:
MACsec status
MACsec encryption status
CAK in MD5 checksum format
show macsec status
show macsec status {slot/port[/sub-port][-slot/port[/sub-port]][,...]}
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
None
Privileged EXEC
The show macsec status command displays the following information:
Output field |
Description |
---|---|
PortId |
Specifies the port ID number. |
MACSEC Status |
Specifies whether MACsec is enabled. |
Encryption Status |
Specifies whether encryption is enabled. |
Replay Protect |
Specifies whether replay protection is enabled. |
Replay Protect Window |
Specifies the size of the replay protect window. |
Encryption Offset |
Specifies the number of unencrypted bytes that precede MACsec encryption. |
Cipher Suite |
Specifies the encryption algorithm used to encrypt traffic on an Ethernet link that is secured with MACsec. |
CA Name |
Specifies the name of the Connectivity Association. |
MKA-Profile Name |
Specifies the name of the MKA profile applied to the port. |
The following example displays MACsec status for all ports:
Switch:1#show macsec status ==================================================================================================== MACSEC Port Status ==================================================================================================== MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile PortId Status Status Protect Protect W'dow Offset Suite Name Name ---------------------------------------------------------------------------------------------------- 1/1 enabled disabled disabled -- none AES-128 SMLTCONN mkapro1 1/2 disabled disabled disabled -- none AES-128 Nil -- 1/3 disabled disabled disabled -- none AES-128 Nil -- 1/4 disabled disabled disabled -- none AES-128 Nil -- 1/5 disabled disabled disabled -- none AES-128 Nil -- 1/6 disabled disabled disabled -- none AES-128 Nil -- 1/7 disabled disabled disabled -- none AES-128 Nil -- 1/8 disabled disabled disabled -- none AES-128 Nil -- 1/9 disabled disabled disabled -- none AES-128 Nil -- 1/10 disabled disabled disabled -- none AES-128 Nil -- 1/11 disabled disabled disabled -- none AES-128 Nil -- 1/12 disabled disabled disabled -- none AES-128 Nil -- 1/13 disabled disabled disabled -- none AES-128 Nil -- --More-- (q = quit)
The following example displays MACsec status for a specific port:
Switch:1>show macsec status 1/1 ======================================================================================================= MACSEC Port Status ======================================================================================================= MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile PortId Status Status Protect Protect W'dow Offset Suite Name Name ------------------------------------------------------------------------------------------------------- 1/1 enabled disabled disabled -- none AES-128 SMLTCONN mkaprof1