Display the following information for MACsec enabled interfaces:
MACsec status
MACsec encryption status
CAK in MD5 checksum format
show macsec status
show macsec status {slot/port[/sub-port][-slot/port[/sub-port]][,...]}
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
None
Privileged EXEC
The show macsec status command displays the following information:
|
Output field |
Description |
|---|---|
|
PortId |
Specifies the port ID number. |
|
MACSEC Status |
Specifies whether MACsec is enabled. |
|
Encryption Status |
Specifies whether encryption is enabled. |
|
Replay Protect |
Specifies whether replay protection is enabled. |
|
Replay Protect Window |
Specifies the size of the replay protect window. |
|
Encryption Offset |
Specifies the number of unencrypted bytes that precede MACsec encryption. |
|
Cipher Suite |
Specifies the encryption algorithm used to encrypt traffic on an Ethernet link that is secured with MACsec. |
|
CA Name |
Specifies the name of the Connectivity Association. |
|
MKA-Profile Name |
Specifies the name of the MKA profile applied to the port. |
The following example displays MACsec status for all ports:
Switch:1#show macsec status
====================================================================================================
MACSEC Port Status
====================================================================================================
MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile
PortId Status Status Protect Protect W'dow Offset Suite Name Name
----------------------------------------------------------------------------------------------------
1/1 enabled disabled disabled -- none AES-128 SMLTCONN mkapro1
1/2 disabled disabled disabled -- none AES-128 Nil --
1/3 disabled disabled disabled -- none AES-128 Nil --
1/4 disabled disabled disabled -- none AES-128 Nil --
1/5 disabled disabled disabled -- none AES-128 Nil --
1/6 disabled disabled disabled -- none AES-128 Nil --
1/7 disabled disabled disabled -- none AES-128 Nil --
1/8 disabled disabled disabled -- none AES-128 Nil --
1/9 disabled disabled disabled -- none AES-128 Nil --
1/10 disabled disabled disabled -- none AES-128 Nil --
1/11 disabled disabled disabled -- none AES-128 Nil --
1/12 disabled disabled disabled -- none AES-128 Nil --
1/13 disabled disabled disabled -- none AES-128 Nil --
--More-- (q = quit)
The following example displays MACsec status for a specific port:
Switch:1>show macsec status 1/1
=======================================================================================================
MACSEC Port Status
=======================================================================================================
MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile
PortId Status Status Protect Protect W'dow Offset Suite Name Name
-------------------------------------------------------------------------------------------------------
1/1 enabled disabled disabled -- none AES-128 SMLTCONN mkaprof1