Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

show security macsec statistics (SRX Series Firewalls)

Syntax

Description

Display Media Access Control Security (MACsec) statistics.

Options

none

Display MACsec statistics in brief form for all interfaces on the switch.

brief | detail

(Optional) Display the specified level of output. Using the brief option is equivalent to entering the command with no options (the default). The detail option displays additional fields that are not visible in the brief output.

Note:

The field names that only appear in this command output when you enter the detail option are mostly useful for debugging purposes by Juniper Networks support personnel.

interface interface-name

(Optional) Display MACsec statistics for the specified interface only.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security macsec statistics command. Output fields are listed in the approximate order in which they appear.

The field names that appear in this command output only when you enter the detail option are mostly useful for debugging purposes by Juniper Networks support personnel. Those field names are, therefore, not included in this table.

Table 1: show security macsec statistics Output Fields

Field Name

Field Description

Level of Output

Interface name

Name of the interface.

All levels

Fields for Secure Channel transmitted

Encrypted packets

Total number of packets transmitted out of the interface in the secure channel that were secured and encrypted using MACsec.

Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK).

All levels

Encrypted bytes

Total number of bytes transmitted out of the interface in the secure channel that were secured and encrypted using MACsec.

Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK).

All levels

Protected packets

Total number of packets transmitted out of the interface in the secure channel that were secured but not encrypted using MACsec.

Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK).

All levels

Protected bytes

Total number of bytes transmitted out of the interface in the secure channel that were secured but not encrypted using MACsec.

Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK).

All levels

Fields for Secure Association transmitted

Encrypted packets

Total number of packets transmitted out of the interface in the connectivity association that were secured and encrypted using MACsec.

The total includes the data packets transmitted in the secure channel and the control packets secured using a connectivity association key (CAK).

All levels

Protected packets

Total number of packets transmitted out of the interface in the connectivity association that were secured but not encrypted using MACsec.

The total includes the data packets transmitted in the secure channel and the control packets secured using a connectivity association key (CAK).

All levels

Fields for Secure Channel received

Accepted packets

The number of received packets that have been accepted by the secure channel on the interface. The secure channel is used to send all data plane traffic on a MACsec-enabled link.

A packet is considered accepted for this counter when it has been received by this interface and it has passed the MACsec integrity check.

This counter increments for traffic that is and is not encrypted using MACsec.

All levels

Validated bytes

The number of bytes that have been validated by the MACsec integrity check and received on the secure channel on the interface. The secure channel is used to send all data plane traffic on a MACsec-enabled link.

This counter does not increment when MACsec encryption is disabled.

All levels

Decrypted bytes

The number of bytes received in the secure channel on the interface that have been decrypted. The secure channel is used to send all data plane traffic on a MACsec-enabled link.

An encrypted byte has to be decrypted before it can be received on the receiving interface. The decrypted bytes counter is incremented for received traffic that was encrypted using MACsec.

All levels

Fields for Secure Association received

Accepted packets

The number of received packets that have been accepted in the connectivity association on the interface. The counter includes all control and data plane traffic accepted on the interface.

A packet is considered accepted for this counter when it has been received by this interface and it has passed the MACsec integrity check.

All levels

Validated bytes

The number of bytes that have been validated by the MACsec integrity check and received on the connectivity association on the interface. The counter includes all control and data plane traffic accepted on the interface.

This counter does not increment when MACsec encryption is disabled.

All levels

Decrypted bytes

The number of bytes received in the connectivity association on the interface that have been decrypted. The counter includes all control and data plane traffic accepted on the interface.

An encrypted byte has to be decrypted before it can be received on the receiving interface. The decrypted bytes counter is incremented for received traffic that was encrypted using MACsec.

All levels

Sample Output

show security macsec statistics interface

Release Information

Command introduced in Junos OS Release 15.1X49-D60.