Cisco Nexus 9000 Series - Configuration Example for Macsec

To Next Page

To Previous Page

SECY Rx Statistics:

Transform Error Pkts: N/A (N9K-X9736C-FX not supported)

Control Pkts: 2178

Untagged Pkts: N/A (N9K-X9736C-FX not supported)

No Tag Pkts: 6

Bad Tag Pkts: 0

No SCI Pkts: 0

Unknown SCI Pkts: 0

Tagged Control Pkts: N/A (N9K-X9736C-FX not supported)

SECY Tx Statistics:

Transform Error Pkts: N/A (N9K-X9736C-FX not supported)

Control Pkts: 1570

Untagged Pkts: N/A (N9K-X9736C-FX not supported)

SAK Rx Statistics for AN [2]:

Unchecked Pkts: 0

Delayed Pkts: 0

Late Pkts: 0

OK Pkts: 116891

Invalid Pkts: 0

Not Valid Pkts: 0

Not-Using-SA Pkts: 0

Unused-SA Pkts: 0

Decrypted In-Octets: 20871733 bytes

Validated In-Octets: 0 bytes

SAK Tx Statistics for AN [2]:

Encrypted Protected Pkts: 109070

Too Long Pkts: N/A (N9K-X9736C-FX not supported)

SA-not-in-use Pkts: N/A (N9K-X9736C-FX not supported)

Encrypted Protected Out-Octets: 19462062 bytes

Configuration Example for MACsec

The following example shows how to configure a user-defined MACsec policy and then apply the policy to

interfaces:

switch(config)# macsec policy 1

switch(config-macsec-policy)# cipher-suite GCM-AES-256

switch(config-macsec-policy)# window-size 512

switch(config-macsec-policy)# key-server-priority 0

switch(config-macsec-policy)# conf-offset CONF-OFFSET-0

switch(config-macsec-policy)# security-policy should-secure

switch(config-macsec-policy)# exit

switch(config)# int e2/13-14

switch(config-if-range)# macsec keychain 1 policy 1

switch(config-if-range)# exit

switch(config)# show macsec mka summary

Interface MACSEC-policy Keychain

------------------ -------------------------------- ------------------------

Ethernet2/13 1 1/10000000000000000

Ethernet2/14 1 1/10000000000000000

switch(config)# show macsec mka session

Interface Local-TxSCI # Peers Status Key-Server

-------------- -------------------- ---------- ---------- -------------

Ethernet2/13 006b.f1be.d31c/0001 1 Secured Yes

Ethernet2/14 006b.f1be.d320/0001 1 Secured No

Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x

518

Configuring MACsec

Configuration Example for MACsec

Main Page

Cisco Nexus 9000 Series - Configuration Example for Macsec

Table of Contents

Other manuals for Cisco Nexus 9000 Series

Related product manuals