Display the following information for MACsec enabled interfaces:
MACsec status
MACsec encryption status
CAK in MD5 checksum format
show macsec status
show macsec status {slot/port[/sub-port][-slot/port[/sub-port]][,...]}
Identifies the slot and port in one of the following formats: a single slot and port (slot/port), a range of slots and ports (slot/port-slot/port), or a series of slots and ports (slot/port,slot/port,slot/port). If the platform supports channelization and the port is channelized, you must also specify the sub-port in the format slot/port/sub-port.
None
Privileged EXEC
This command does not apply to all hardware platforms. For more information about feature support, see VOSS Feature Support Matrix.
The show macsec status command displays the following information:
|
Output field |
Description |
|---|---|
|
PortId |
Specifies the port ID number. |
|
MACSEC Status |
Specifies whether MACsec is enabled. |
|
Encryption Status |
Specifies whether encryption is enabled. |
|
Replay Protect |
Specifies whether replay protection is enabled. |
|
Replay Protect Window |
Specifies the size of the replay protect window. |
|
Encryption Offset |
Specifies the number of unencrypted bytes that precede MACsec encryption. |
|
Cipher Suite |
Specifies the encryption algorithm used to encrypt traffic on an Ethernet link that is secured with MACsec. |
|
CA Name |
Specifies the name of the Connectivity Association. |
|
MKA-Profile Name |
Specifies the name of the MKA profile applied to the port. |
The following example displays MACsec status for all ports:
Switch:1#show macsec status
====================================================================================================
MACSEC Port Status
====================================================================================================
MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile
PortId Status Status Protect Protect W'dow Offset Suite Name Name
----------------------------------------------------------------------------------------------------
1/1 enabled disabled disabled -- none AES-128 SMLTCONN mkapro1
1/2 disabled disabled disabled -- none AES-128 Nil --
1/3 disabled disabled disabled -- none AES-128 Nil --
1/4 disabled disabled disabled -- none AES-128 Nil --
1/5 disabled disabled disabled -- none AES-128 Nil --
1/6 disabled disabled disabled -- none AES-128 Nil --
1/7 disabled disabled disabled -- none AES-128 Nil --
1/8 disabled disabled disabled -- none AES-128 Nil --
1/9 disabled disabled disabled -- none AES-128 Nil --
1/10 disabled disabled disabled -- none AES-128 Nil --
1/11 disabled disabled disabled -- none AES-128 Nil --
1/12 disabled disabled disabled -- none AES-128 Nil --
1/13 disabled disabled disabled -- none AES-128 Nil --
--More-- (q = quit)
The following example displays MACsec status for a specific port:
Switch:1>show macsec status 1/1
=======================================================================================================
MACSEC Port Status
=======================================================================================================
MACSEC Encryption Replay Replay Encryption Cipher CA MKA-Profile
PortId Status Status Protect Protect W'dow Offset Suite Name Name
-------------------------------------------------------------------------------------------------------
1/1 enabled disabled disabled -- none AES-128 SMLTCONN mkaprof1