Keychain Fallback-keychain
------------------ -------- ---------------------- ------------
-------------------------------- --------------------------------
--------------------------------
Ethernet1/25 Secured GCM-AES-256 Yes pmod71kcmod71_25 kcmodfb71_25
Ethernet2/25 Secured GCM-AES-128 Yes pmod62kcmod62_25 kcmodfb62_25
Ethernet3/1 Secured GCM-AES-128 Yes pmod2kcmod2 kcmod2fb
Ethernet3/2 Secured GCM-AES-128 No pn_128_must_no_sak_conf_30 kcslake49
no keychain
Ethernet3/3 Secured GCM-AES-128 No pn_128_must_no_sak_conf_50 kcslake49
no keychain
Ethernet3/4 Secured GCM-AES-128 No pn_128_must_sak_60_conf_0 kcslake49
no keychain
Ethernet3/5 Secured GCM-AES-128 No pn_128_must_sak_60_conf_30 kcslake49
no keychain
The following example displays the configuration for all MACsec policies:
switch# show macsec policy
MACSec Policy Cipher Pri Window Offset Security SAK Rekey time
----------------- ---------------- ---- -------- ------ ------------ --------------
sak-pol1 GCM-AES-XPN-256 16 14880960 0 should-secur 60
system-default-
macsec-policy GCM-AES-XPN-256 16 14880960 0 should-secur pn-rollover
test-policy GCM-AES-XPN-256 16 14880960 0 should-secur pn-rollover
The following example displays the key octet string in the output of the show running-config and show
startup-config commands when the key-chain macsec-psk no-show command is not configured:
key chain KC256-1 macsec
key 2000
key-octet-string 7 075e701e1c5a4a5143475e5a527d7c7c706a6c724306170103555a5c57510b051e47080
a05000101005e0e50510f005c4b5f5d0b5b070e234e4d0a1d0112175b5e cryptographic-algorithm
AES_256_CMAC
The following example displays the key octet string in the output of the show running-config and show
startup-config commands when the key-chain macsec-psk no-show command is configured:
key chain KC256-1 macsec
key 2000
key-octet-string 7 ****** cryptographic-algorithm AES_256_CMAC
Displaying MACsec Statistics
You can display MACsec statistics using the following commands.
DescriptionCommand
Displays MACsec MKA statistics.
show macsec mka statistics [interface type slot/port]
Displays MACsec security statistics.
show macsec secy statistics [interface type slot/port]
The following example shows the MACsec MKA statistics for a specific Ethernet interface:
switch# show macsec mka statistics interface ethernet 2/2
Per-CA MKA Statistics for Session on interface (Ethernet2/2) with CKN 0x10
============================================================================
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
515
Configuring MACsec
Displaying MACsec Statistics
To Next Page
Loading...
