Displays a system-wide view of MAC Security (MACsec).
This command has no arguments or variables.
N/A.
Note
Extreme Network switches always attempt to connect securely. However, if the peer is a third-party device and the peer is elected key server and the peer chooses to connect without MACsec protection, the port's connect status becomes "authenticated" instead of "secure". In authenticated mode, MKA continues to authenticate the remote peer, but MACsec protection is not enabled and all traffic transmits in the clear.For ports with shared media (one copper and one fiber), normally fiber is the preferred medium; however, for proper detection/operation, the fiber port must be the preferred medium. For example, if link is detected on the copper port it becomes the preferred medium. As such it is removed from the MACsec-capable port list. The copper ports of the shared media ports are not MACse-capable. Only the fiber side with an LRM/MACsec adapter installed is MACse-capable.
# show macsec MACsec Capable Without External Adapter: 1:25-48,2:25-48 HW-Mode MACsec: 1:25-48,2:25-48 MACsec Capable with External Adapter: 1:49-54,2:49-54 LRM/MACsec Adapter Present: 2:49-50 Valid MACsec License: 1:25-54,2:25-54 MACsec Capable, Present and Licensed: 1:25-48,2:25-50 MACsec Configured: 1:37,1:48,2:25,2:29,2:32,2:49 MKA Active: 1:37,2:49 (Transmitting MKPDUs) Connect Status Pending: 1:48,2:25,2:29,2:32 (No connectivity) Secure: 1:37,2:49 (Secured connectivity: MKA with MACsec)
This command was first available in ExtremeXOS 30.1.
This command is available on the following platforms.
Note
The MACsec feature requires the installation of the MAC Security feature pack license.Platform | Ports |
---|---|
ExtremeSwitching 5320 | All ports of all models except stacking ports. |
ExtremeSwitching 5420 | All ports of all models except stacking ports. |
ExtremeSwitching 5520 | All ports, except 5520-VIM-4X and 5520-24X 10G ports |
ExtremeSwitching 5720 | All ports of all models except stacking ports. |