Display information about Media Access Control Security (MACsec).
show macsec
User EXEC
The command displays the following information:
Output field |
Description |
---|---|
Connectivity Association Name |
Specifies the name of the connectivity association (CA). |
Connectivity Association Key Hash |
Specifies the CA hash key. |
AN_Mode / TxKeyParity |
Specifies the CA mode and transmission key parity value. |
Port Members |
Specifies the ports that are members of a CA. |
PortId |
Specifies the port ID. |
MACSEC Status |
Specifies whether MACsec is enabled on a port. |
Encryption Status |
Specifies whether encryption is enabled on a port. |
Replay Protect |
Specifies whether replay protection is enabled. |
Replay Protect W'dow |
Specifies the maximum acceptable difference in packet ID numbers between out of order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, the packet is dropped. |
Encryption Offset |
Specifies the number of bytes after the Ethernet header from which data encryption begins. Possible values are 30 (IPv4 plus TCP/UDP header) and 50 (IPv6 plus TCP/UDP header). The default is no offset. |
Cypher Suite |
Specifies the cipher suite for encrypting traffic with MACsec. The following cipher suites are supported:
The default is the AES-GCM-128 standard. |
CA Name |
Specifies the name of the connectivity association. |
MKA-Profile Name |
Specifies the MKA profile name. An MKA profile name consists only of alphanumeric characters (0-9, A-Z, and a-z). The profile name is case sensitive. |
The show macsec command displays the following information:
Switch:1>show macsec ==================================================================================================== MACSEC Connectivity Associations Info ==================================================================================================== Connectivity Connectivity AN_Mode / Port Association Name Association Key Hash TxKeyParity Members ---------------------------------------------------------------------------------------------------- conn1 550e0fb1dec7eaa40a473b09790c8745 4AN / Even All 1 out of 1 Total Num of Macsec connectivity associates displayed ==================================================================================================== MACSEC Port Status ==================================================================================================== MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile PortId Status Status Protect Protect W'dow Offset Suite Name Name ---------------------------------------------------------------------------------------------------- 1/1 disabled disabled disabled -- none AES-128 Nil -- 1/2 disabled disabled disabled -- none AES-128 Nil -- 1/3 disabled disabled disabled -- none AES-128 Nil -- 1/4 disabled disabled disabled -- none AES-128 Nil -- 1/5 disabled disabled disabled -- none AES-128 Nil --