Viewing MACsec Status

Perform this procedure to view MACsec status.

About this task

This command displays the status for the following:
  • MACsec status

  • MACsec encryption status

  • MACsec encryption cipher suite, if supported on your hardware platform

  • The associated Connectivity Association (CA) name

Note

Note

If you do not specify a port number, the information on all MACsec capable interfaces is displayed.

Procedure

  1. Enter Privileged EXEC mode:

    enable

  2. View the MACsec status:

    show macsec status {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

  3. Display all MACsec related information:

    show macsec

Example

Note

Note

Slot and port information can differ depending on hardware platform. For more information about specific hardware, see your hardware documentation.

The switch does not support replay protect.

Note

Note

Configuration of a MACsec cipher suite is not supported on all hardware platforms. If you do not see it in your switch output, it is not supported. For more information on the hardware restrictions, see your hardware documentation.

View MACsec status:

Switch:1#show macsec status

====================================================================================================
                               MACSEC Port Status
====================================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher     CA       MKA-Profile
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name
----------------------------------------------------------------------------------------------------
1/1      enabled    disabled   disabled      --             none          AES-128    SMLTCONN mkapro1
1/2      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/3      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/4      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/5      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/6      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/7      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/8      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/9      disabled   disabled   disabled      --             none          AES-128    Nil      --
1/10     disabled   disabled   disabled      --             none          AES-128    Nil      --
1/11     disabled   disabled   disabled      --             none          AES-128    Nil      --
1/12     disabled   disabled   disabled      --             none          AES-128    Nil      --
1/13     disabled   disabled   disabled      --             none          AES-128    Nil      --

--More-- (q = quit)

View MACsec status on port 1/1:

Switch:1>show macsec status 1/1

=======================================================================================================
                               MACSEC Port Status
=======================================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher     CA       MKA-Profile
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite      Name     Name
-------------------------------------------------------------------------------------------------------
1/1      enabled    disabled   disabled      --             none          AES-128    SMLTCONN mkaprof1

Display all MACsec information:

Switch:1#show macsec

=========================================================================================
                     MACSEC Connectivity Associations Info
=========================================================================================
  Connectivity                Connectivity                 AN_Mode /      Port
Association Name          Association Key Hash            TxKeyParity     Members
-----------------------------------------------------------------------------------------
caname33              d4433e901bae92d0cc472706f66cfc18      4AN / odd

All 1 out of 1 Total Num of Macsec connectivity associates displayed


=============================================================================================
                               MACSEC Port Status
=============================================================================================
         MACSEC     Encryption  Replay      Replay       Encryption       Cipher      CA
PortId   Status     Status     Protect     Protect W'dow   Offset         Suite       Name
---------------------------------------------------------------------------------------------
1/1      disabled   disabled   disabled      --             none          AES-128     Nil
1/2      disabled   disabled   disabled      --             none          AES-128     Nil
1/3      enabled    enabled    disabled      --        ipv4Offset(30)     AES-256    caname33
1/4      enabled    enabled    disabled      --        ipv4Offset(30)     AES-128    caname34
1/5      disabled   disabled   disabled      --             none          AES-128     Nil
1/6      disabled   disabled   disabled      --             none          AES-128     Nil

--More-- (q = quit)