show macsec

Display information about Media Access Control Security (MACsec).

Syntax

Command Mode

User EXEC

Command Output

The command displays the following information:

Output field

Description

Connectivity Association Name

Specifies the name of the connectivity association (CA).

Connectivity Association Key Hash

Specifies the hash of the connectivity association (CA) key.

AN_Mode / TxKeyParity

Specifies the CA mode and transmission key parity value.

Port Members

Specifies the ports that are members of a CA.

PortId

Specifies the port ID.

MACSEC Status

Specifies whether MACsec is enabled on a port.

Encryption Status

Specifies whether encryption is enabled on a port.

Replay Protect

Specifies whether replay protection is enabled.

Replay Protect W'dow

Specifies the maximum acceptable difference in packet ID numbers between out-of-order packets. If a packet ID number differs from the ID number of the previously received packet by more than the specified window size, the packet is dropped.

Encryption Offset

Specifies the number of bytes after the Ethernet header from which data encryption begins. Possible values are 30 (IPv4 plus TCP/UDP header) and 50 (IPv6 plus TCP/UDP header). The default is no offset.

Cipher Suite

Specifies the cipher suite for encrypting traffic with MACsec. The following cipher suites are supported:

  • AES-GCM-128 standard, with a maximum key length of 128 bits

  • AES-GCM-256 standard, with a maximum key length of 256 bits

The default is the AES-GCM-128 standard.

CA Name

Specifies the name of the connectivity association.

MKA-Profile Name

Specifies the MKA profile name. An MKA profile name consists only of alphanumeric characters (0-9, A-Z, and a-z). The profile name is case sensitive.

Example

The show macsec command displays the following information:

Switch:1>show macsec

====================================================================================================
                     MACSEC Connectivity Associations Info
====================================================================================================
  Connectivity                Connectivity                 AN_Mode /      Port
Association Name          Association Key Hash            TxKeyParity     Members
----------------------------------------------------------------------------------------------------
conn1                550e0fb1dec7eaa40a473b09790c8745      4AN / Even

All 1 out of 1 Total Num of Macsec connectivity associates displayed


====================================================================================================
                               MACSEC Port Status
====================================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher     CA       MKA-Profile
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name
----------------------------------------------------------------------------------------------------
1/1      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/2      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/3      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/4      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/5      disabled   disabled   disabled      --             none          AES-128    Nil      --
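
An added example, not part of the original page or the vendor's tooling: a Python parser for the MACSEC Port Status table above that lists, per port, the settings that leave traffic unprotected. The rows for ports 1/3 to 1/5 are constructed, and the spelling of their enabled values (window 100, offset 30, CA and profile names) is an assumption.

```python
import re

# Constructed sample: row 1/1 is copied from the page's example output; rows
# 1/3-1/5 are made up for illustration and their value spellings are assumed.
SAMPLE = """\
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name
1/1      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/3      enabled    enabled    enabled       100            none          AES-128    conn1    prof1
1/4      enabled    disabled   enabled       100            none          AES-128    conn1    prof1
1/5      enabled    enabled    disabled      --             30            AES-128    conn1    prof1
"""

FIELDS = ("port", "macsec", "encryption", "replay", "window", "offset", "cipher", "ca", "mka")
ROW = re.compile(r"^\d+/\d+\s")  # data rows start with slot/port, e.g. 1/1


def parse_port_status(text):
    """Return one dict per port row of the MACSEC Port Status table."""
    rows = []
    for line in text.splitlines():
        if not ROW.match(line):
            continue  # banner, header and separator lines
        cols = line.split()
        if len(cols) != len(FIELDS):
            # Fail loudly: a silently skipped port would look compliant.
            raise ValueError(f"unexpected column count: {line!r}")
        rows.append(dict(zip(FIELDS, cols)))
    return rows


def audit(rows):
    """Map each port to a list of findings; an empty list means no finding."""
    report = {}
    for r in rows:
        findings = []
        if r["macsec"] != "enabled":
            findings.append("MACsec disabled")  # remaining columns are moot
        else:
            if r["encryption"] != "enabled":
                findings.append("encryption disabled")
            if r["replay"] != "enabled":
                findings.append("replay protection disabled")
            if r["offset"] != "none":
                findings.append(f"first {r['offset']} bytes after Ethernet header unencrypted")
        report[r["port"]] = findings
    return report


if __name__ == "__main__":
    print(audit(parse_port_status(SAMPLE)))
```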