Show commands

Show command for MACsec policies

Syntax

show macsec policy <policy-name>

Shows one or more MACsec policies.

policy-name

A MACsec policy name up to 32 characters long.

show macsec policy

switch(config)# show macsec policy
Configuration - MACsec Policy
Policy Name : policy1
Cipher Suite      : AES-GCM-128
Include-SCI       : Yes
Confidentiality   : On             Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : abcd
CAK  : abcd
Policy Name : macsecpolicy5
Cipher Suite      : AES-GCM-128
Include-SCI       : No
Confidentiality   : Off            Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : abcd11111111121212121212abcd3434
CAK  : abab121212121212abcd34343434121212121212abcd34343434abcdefabcdef

show macsec policy Policy1

switch(config)# show macsec policy Policy1
Configuration - MACsec Policy
Policy Name : policy1
Cipher Suite      : AES-GCM-128
Include-SCI       : Yes
Confidentiality   : On             Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : abcd
CAK  : abcd

Command validations

Validation: Check whether the policy with the name exists.
Error/Warning/Prompt: MACsec policy %s does not exist.

Validation: There are no MACsec policies configured on the system.
Error/Warning/Prompt: No MACsec policy is found.

Details


NOTE: In Manager mode.

Condition: Include-credentials enabled/disabled
Behavior: CAK value is displayed in plaintext format.

Condition: Encrypt-credentials enabled/disabled
Behavior: CAK value is displayed in plaintext format.

Condition: In Enhanced Secure Mode (FIPS)
Behavior: A prompt asks whether to proceed with displaying sensitive information; policy details are displayed only after consent.
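
Because the CAK is shown in plaintext, captured show macsec policy output has to be handled as key material. The following Python is an added example, not part of the original documentation or the switch software: it parses the output format shown above, flags policies with confidentiality or replay protection off or with a CAK under 32 hex digits (a threshold assumed for this example), and masks CAK values before the capture is stored or shared. All function names are the example's own.

```python
import re

# Constructed input: the two policies from the sample output on this page.
BLOCK = """Policy Name : {name}
Cipher Suite      : AES-GCM-128
Include-SCI       : {sci}
Confidentiality   : {conf}             Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : {ckn}
CAK  : {cak}
"""
LONG_CAK = "abab121212121212abcd34343434121212121212abcd34343434abcdefabcdef"
SAMPLE = ("Configuration - MACsec Policy\n"
          + BLOCK.format(name="policy1", sci="Yes", conf="On", ckn="abcd", cak="abcd")
          + BLOCK.format(name="macsecpolicy5", sci="No", conf="Off",
                         ckn="abcd11111111121212121212abcd3434", cak=LONG_CAK))

# "Key : value" pairs; two pairs can share one line, separated by a run of spaces.
PAIR = re.compile(r"([\w-]+(?: [\w-]+)*)\s*:\s*(\S+(?: \S+)*)")
MIN_CAK_HEX = 32  # assumption of this example: require at least a 128-bit key

def parse_policies(text):
    """Return one dict per 'Policy Name' block."""
    policies = []
    for line in text.splitlines():
        for key, value in PAIR.findall(line):
            if key == "Policy Name":
                policies.append({})
            if policies:
                policies[-1][key] = value
    return policies

def audit(policy):
    findings = []
    if policy.get("Confidentiality") != "On":
        findings.append("confidentiality off")
    if policy.get("Replay-Protection") != "On":
        findings.append("replay protection off")
    if len(policy.get("CAK", "")) < MIN_CAK_HEX:
        findings.append("short CAK")
    return findings

def redact(text):
    """Mask CAK values so captured output can be stored or shared."""
    return re.sub(r"^([ \t]*CAK[ \t]*:[ \t]*)\S+", r"\1<redacted>", text, flags=re.M)

if __name__ == "__main__":
    for p in parse_policies(SAMPLE):
        print(p["Policy Name"], audit(p) or "ok")
```
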

Show command for MACsec status

Syntax

show macsec status

Show the status of all MACsec-enabled ports.

status

Show the status of all MACsec-enabled ports.

show macsec status

switch(config)# show macsec status

Status and Configuration - MACsec Protocol
Interface  Policy                           Mode    Status Protection
 --------- -------------------------------- ------- ------ ---------------
 A2        policy1                          PSK     Up     Confidentiality
 L22       policy1                          PSK     Down   Confidentiality

Command validation

Validation: MACsec is not enabled on ports.
Error/Warning/Prompt: MACsec is not enabled on any port.

Show command for MACsec status on a port

Syntax

show macsec status <port-num>

Show the MACsec status of the specified port.

show macsec status A1

switch(config)# show macsec status A1
Status and Configuration - MACsec Protocol
Interface : A1
Policy       : Policy1
Transmitting : Yes
Receiving    : Yes
Protection   : Confidentiality
Transmit secure Channel
SCI                  : 000C29F6A4380004c
Secure Association
Association Number : 1 (old)
KI               : 4F18CE25228178FD15976E4C
LPN                : 2
SA-Start-time      : 01:02:19 
SA-Stop-time       : 02:04:29
Association Number : 0 (current)
KI               : 4F18CE25228178FD15976E4C
LPN                : 3
SA-Start           : 04:05:11
SA-Stop-time       : 04:10:12
Receive secure Channel
SCI                  : 000C29F6A4380003b
Secure Association
Association Number : 0 (current)
KI               : 4F18CE29456aefFD15976E4C
LPN                : 121198
SA-Start           : 04:05:12
SA-Stop-time       : 04:10:13

Validation: Check whether MACsec is enabled on the port.
Error/Warning/Prompt: MACsec is not enabled on port %s.

Show command for MACsec statistics

Syntax

show macsec statistics <port-num>

statistics

Show MACsec statistics.

[ethernet] PORT-NUM

The port to show MACsec statistics for.

Show macsec statistics

switch(config)# show macsec statistics

Status and Counters - MACsec Protocol
 Interface : A1
 Receive Statistics
Totals (Since boot or last clear) :
Bytes Received        : 234435
Unicast Packets       : 0 
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0
Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0
Interface : A2
Receive Statistics
Totals (Since boot or last clear) : 
Bytes Received        : 234435
Unicast Packets       : 0 
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0
Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989 
Unicast Packets       : 0
Multicast Packets     : 0 
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0

Show macsec statistics A1

switch(config)# show macsec statistics A1
Status and Counters - MACsec Protocol
Interface : A1
Receive Statistics
Totals (Since boot or last clear) :  
Bytes Received        : 234435
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0
Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0

Command validations


NOTE: In Manager mode.

Validation: Check whether MACsec is enabled on the port.
Error/Warning/Prompt: MACsec is not enabled on port %s.

Show command for detailed MACsec statistics on a port

Syntax

show macsec statistics <port-num> detail

Show detailed statistics for a MACsec-enabled port.

statistics

Show MACsec statistics.

detail

Show detailed statistics for a MACsec-enabled port.

[ethernet] PORT-NUM

The port to show MACsec statistics for.

show macsec statistics A1 detail

switch(config)# show macsec statistics A1 detail

Status and Counters - MACsec Protocol
Interface : A1
Receive Statistics
Totals (Since boot or last clear) :  
Bytes Received        : 234435
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0

Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989
Unicast Packets       : 0
Multicast Packets     : 0 
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0

Secure Channel Transmit Statistics
Encrypted Packets    : 0
Bytes Protected      : 0 
Bytes Encrypted      : 0

Secure Association Statistics
Association Number   : 0 (old)
Protected Packets  : 0

Encrypted Packets  : 0
Association Number   : 1 (current)
Protected Packets  : 0
Encrypted Packets  : 0

Secure Channel Receive Statistics
Not using SA         : 0
Late                 : 0
Not Valid            : 0
Delayed              : 0
Valid                : 0
Bytes Validated      : 0
Bytes Decrypted      : 0

Secure Association Statistics
Association Number   : 1 (current)
Not using SA        : 0
Not Valid           : 0
Valid               : 0

Command validations


NOTE: In Manager mode.

Validation: Check whether MACsec is enabled on the port.
Error/Warning/Prompt: MACsec is not enabled on port %s.

Show command for MKA status

Syntax

show port-access mka status <port-num>

Show the MKA protocol status information.

show port-access authenticator [...]|supplicant [...]|summary [...]| mka...

Show 802.1X (Port Based Network Access) supplicant or authenticator current status and configuration.

[ethernet] PORT-LIST

Show Web/MAC Authentication statistics and configuration.

authenticator

Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters.

config

Show status of 802.1X, Web Auth, and MAC Auth configurations.

local-mac

Show Local MAC Authentication statistics and configuration.

mac-based

Show MAC Authentication statistics and configuration.

mka

Show the MKA protocol information.

summary

Show summary configuration information for all ports, including that overridden by RADIUS attributes.

supplicant

Show 802.1X (Port Based Network Access) supplicant current status and configuration.

web-based

Show Web Authentication statistics and configuration.

statistics

Show the MKA statistics.

status

Show the MKA protocol status information.

Show port-access mka status

switch(config)# show port-access mka status
Status and Configuration - MKA Protocol
Interface : A2 
Port MAC Address      : f0921c-4576fe 
MKA Session Status    : Secured  
CKN                   : abcd                            
MI                    : 1c64f054f894b5482defdf81 
MN                    : 86      
Capability            : IC, Conf, Offset 0  
Transmit Interval     : 2  
Key Server Priority   : 16 
Key Server            : No 

Live Peer List: 

MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------
fb7f82788e4cd38dbc65dc55 119      16  IC, Conf, Offset 0    a45d36489bfe0002

Potential Peer List:
MI                       MN       PRI Capability            Rx-SCI          
 ------------------------ -------- --- --------------------- ----------------

Interface : L2 
Port MAC Address      : f0921c-4576fe
MKA Session Status    : Secured
CKN                   : abcdefabcd
MI                    : 1c64f054f894b5482defdf81
MN                    : 86 
Capability            : IC, Conf, Offset 0  
Transmit Interval     : 2 
Key Server Priority   : 16 
Key Server            : No

Live Peer List: 
   MI                       MN       PRI Capability            Rx-SCI
------------------------ -------- --- --------------------- ----------------
fb7f82788e4cd38dbc65dc55 119      16  IC, Conf, Offset 0    a45d36489bfe0002

Potential Peer List: 
    MI                       MN       PRI Capability            Rx-SCI
------------------------ -------- --- --------------------- ----------------

Show port-access MKA status A2

switch(config)# show port-access mka status A2
Status and Configuration - MKA Protocol
Interface : A2 
Port MAC Address      : f0921c-4576fe  
MKA Session Status    : Secured
CKN                   : abcd
MI                    : 1c64f054f894b5482defdf81 
MN                    : 86
Capability            : IC, Conf, Offset 0  
Transmit Interval     : 2
Key Server Priority   : 16 
Key Server            : No

Live Peer List: 
MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------
fb7f82788e4cd38dbc65dc55 119      16  IC, Conf, Offset 0    a45d36489bfe0002

Potential Peer List: 
MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------

Command validations


NOTE: In Operator mode.

Validation: Check whether MACsec is enabled on the port.
Error/Warning/Prompt: MACsec is not enabled on port %s.

Show command for MKA statistics

Syntax

show port-access mka statistics <port-num>

Show the MKA statistics. When a PORT-NUM is used, the MKA statistics of the selected port are shown.

[ethernet] PORT-LIST

Show Web/MAC Authentication statistics and configuration.

authenticator

Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters.

config

Show status of 802.1X, Web Auth, and MAC Auth configurations.

local-mac

Show Local MAC Authentication statistics and configuration.

mac-based

Show MAC Authentication statistics and configuration.

mka

Show the MKA protocol information.

summary

Show summary configuration information for all ports, including that overridden by RADIUS attributes.

supplicant

Show 802.1X (Port Based Network Access) supplicant current status and configuration.

web-based

Show Web Authentication statistics and configuration.

statistics

Show the MKA statistics.

status

Show the MKA protocol status information.

[ethernet] PORT-NUM

Specify the port number.

Show port-access MKA statistics

switch(config)# show port-access mka statistics
Status and Counters - MKA Protocol
CAs Established : 32
CAs Deleted     : 1
Interface : A1
  Tx MKPDUs                    : 16534893
  Rx MKPDUs                    : 16534893
  SAKs Distributed             : 0
  SAKs Received                : 0 
  MKPDUs With Invalid Version  : 0
  MKPDUs With Invalid CKN      : 0 
  MKPDUs With Invalid ICV      : 0 
  MKPDUs With Duplicate MI     : 0 
  MKPDUs With Invalid MN       : 0 
 Interface : A2
  Tx MKPDUs                    : 16534893 
  Rx MKPDUs                    : 16534893
  SAKs Distributed             : 0
  SAKs Received                : 0 
  MKPDUs With Invalid Version  : 0
  MKPDUs With Invalid CKN      : 0 
  MKPDUs With Invalid ICV      : 0 
  MKPDUs With Duplicate MI     : 0 
  MKPDUs With Invalid MN       : 0

Show port-access MKA statistics A1

switch(config)# show port-access mka statistics A1
Status and Counters - MKA Protocol
Interface : A1
  Tx MKPDUs                    : 16534893
  Rx MKPDUs                    : 16534893
  SAKs Distributed             : 0
  SAKs Received                : 0 
  MKPDUs With Invalid Version  : 0
  MKPDUs With Invalid CKN      : 0 
  MKPDUs With Invalid ICV      : 0
  MKPDUs With Duplicate MI     : 0
   MKPDUs With Invalid MN       : 0 

Command validations


NOTE: In Operator mode.

Validation: Check whether MACsec is enabled on the port (when PORT-NUM is given).
Error/Warning/Prompt: MACsec is not enabled on port %s.

Validation: Check whether MACsec is enabled on any port.
Error/Warning/Prompt: MACsec is not enabled on any port.
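
An added example (not from the original documentation) of alerting on the MKA error counters shown above: it compares two captures of show port-access mka statistics and reports every counter whose name contains Invalid or Duplicate that increased between them. The captures are constructed in the page's output format with invented non-zero values, the function names are the example's own, and it assumes the counters are cumulative until cleared or until the switch reboots.

```python
import re

# Constructed captures in the page's output format; non-zero error values are invented.
def snapshot(a1_icv, a2_ckn):
    return f"""Status and Counters - MKA Protocol
CAs Established : 32
CAs Deleted     : 1
Interface : A1
  Tx MKPDUs                    : 16534893
  MKPDUs With Invalid CKN      : 0
  MKPDUs With Invalid ICV      : {a1_icv}
 Interface : A2
  Tx MKPDUs                    : 16534893
  MKPDUs With Invalid CKN      : {a2_ckn}
  MKPDUs With Invalid ICV      : 0
"""

LINE = re.compile(r"^\s*(.+?)\s*:\s*(\S+)\s*$")

def parse(text):
    """Map interface name -> {counter name: int}; global totals are skipped."""
    ports, current = {}, None
    for raw in text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        key, value = m.groups()
        if key == "Interface":
            current = ports.setdefault(value, {})
        elif current is not None and value.isdigit():
            current[key] = int(value)
    return ports

def new_errors(before, after):
    """List (port, counter, increase) for error counters that grew between two polls."""
    old_ports, alerts = parse(before), []
    for port, counters in parse(after).items():
        old = old_ports.get(port, {})
        for name, value in counters.items():
            if not ("Invalid" in name or "Duplicate" in name):
                continue
            prev = old.get(name, 0)
            # A value lower than before means the counter was cleared or the switch rebooted.
            grew = value - prev if value >= prev else value
            if grew > 0:
                alerts.append((port, name, grew))
    return alerts

if __name__ == "__main__":
    print(new_errors(snapshot(0, 0), snapshot(3, 0)))
```
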

Show tech command

Syntax

show tech macsec status|statistics

Show tech MACsec for either status or statistics.