Key-Server Auth Mode
------------------ -------------------------------- ------------------ ------------------
------------------ ------------------
Ethernet1/3 2c33.11b8.7168/0001 1 Secured
Yes PRIMARY-PSK
Ethernet1/4 2c33.11b8.716c/0001 1 Secured
No PRIMARY-PSK
------------------ -------------------------------- ------------------ ------------------
------------------ ------------------
Total Number of Sessions : 2
Secured Sessions : 2
Pending Sessions : 0
The following example displays information about the MACsec MKA session for a specific interface. In
addition to the common elements of the table as described in the previous example, the following also identifies
the authentication mode which defines the current MACsec session type.
switch# show macsec mka session interface ethernet 1/1
Interface Local-TxSCI # Peers Status Key-Server Auth Mode
-------------- -------------------- --------- ------------- -------------- -------------
Ethernet1/1 70df.2fdc.baf4/0001 0 Pending Yes PRIMARY-PSK
Ethernet1/1 70df.2fdc.baf4/0001 1 Secured No FALLBACK-PSK
The following example displays detail information about the MACsec MKA session for a specific Ethernet
interface:
Interface Name : Ethernet1/12
Session Status : SECURED - Secured MKA Session with MACsec
Local Tx-SCI : 005d.7357.6070/0001
Local Tx-SSCI : 2
MKA Port Identifier : 2
CAK Name (CKN) : 11
CA Authentication Mode : PRIMARY-PSK
Member Identifier (MI) : 3B13644BFD1D631EC1B68CB8
Message Number (MN) : 124282
MKA Policy Name : pn_256_shud_sak_2592000_conf_30
Key Server Priority : 16
Key Server : Yes
Include ICV : No
SAK Cipher Suite : GCM-AES-256
SAK Cipher Suite (Operational) : GCM-AES-256
Replay Window Size : 148809600
Confidentiality Offset : CONF-OFFSET-30
Confidentiality Offset (Operational): CONF-OFFSET-30
Latest SAK Status : Rx & TX
Latest SAK AN : 0
Latest SAK KI : 3B13644BFD1D631EC1B68CB800000001
Latest SAK KN : 1
Last SAK key time : 14:06:47 PDT Fri Sep 28 2018
CA Peer Count : 1
Eapol dest mac : 0180.c200.0003
Ether-type : 0x888e
Peer Status:
Peer MI : AB6396F69F6FDC97C089122D
RxSCI : 4c77.6d6d.d41e/0001
Peer CAK : Match
Latest Rx MKPDU : 11:11:58 PDT Mon Oct 01 2018
The following example displays the MACsec MKA configuration:
switch# show macsec mka summary
Interface Status Cipher (Operational) Key-Server MACSEC-policy
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
514
Configuring MACsec
Verifying the MACsec Configuration
To Next Page
Loading...
