MACsec Log messages

Event

Message

CAK Mismatch (Note that CAK will not be displayed)

MACsec Connectivity Association failed on port %s: Mismatch in the Integrity Check Value (ICV).

Throttled messages for CAK mismatch

Ceasing 'Detection of Macsec CAK Mismatch' message for 5m.

CKN Mismatch (or missing Policy on a port)

MACsec Connectivity Association failed on port %s: Mismatch in the CA Key Name (CKN).

Throttled messages for CKN Mismatch

Ceasing 'Detection of Macsec CKN Mismatch' message for 5m.

MKA session start

The MACsec Connectivity Association established on port %s.

MKA session end

The MACsec Connectivity Association ended on port %s.

Detection of replay attack

Possible replay attack on MACsec port %s.

Throttled replay attack messages

Ceasing ‘Detection of Replay Attack’ for 5m.

More than 1 MACsec client on a MACsec enabled port.

More than one MACsec clients detected on port %s

Throttled message for more than 1 client

Ceasing 'Detection of More than one Macsec clients’ for 5m.

If MACsec is running in integrity mode, as it might be configured for integrity on either of sides

The MACsec is operating in Integrity Check (IC) mode on port %s.

If MACsec is running in encryption mode, as it might be configured to confidentiality from integrity on both sides

The MACsec is operating in Encryption mode on port %s.

when boot up FIPS test failed

FIPS test failed on port %s in slot %s.

(where 1st %s is Port-Name and 2nd %s is for Slot-Name)

when FIPS bypass test failed

FIPS bypass self-test failed on port %s in slot %s.

(where 1st %s is Port-Name and 2nd %s is for Slot-Name)

When hard expiry limit is reached

MACsec Secure Association Key (SAK) expired in hardware. Port %s blocked by MACsec.

Macsec errors

MACsec errors detected on port %s.