show security macsec connections

Syntax

Description

Display the status of the active MACsec connections on the switch.

This command does not display output when MACsec is enabled using static secure association key (SAK) security mode.

Options

none

Display MACsec connection information for all interfaces on the switch.

interface interface-name

(Optional) Display MACsec connection information for the specified interface only.

Required Privilege Level

view

Output Fields

Table 1 lists the output fields for the show security macsec connections command. Output fields are listed in the approximate order in which they appear.

Table 1: show security macsec connections Output Fields

Field Name

Field Description

Fields for Interface

Interface name

Name of the interface.

CA name

Name of the connectivity association.

A connectivity association is named using the connectivity-association statement when you are enabling MACsec.

Cipher suite

Name of the cipher suite used for encryption.

Encryption

Encryption setting. Encryption is enabled when this output is on and disabled when this output is off.

The encryption setting is set using the no-encryption statement in the connectivity association when using static connectivity association key (CAK) security mode, and using the encryption statement in the secure channel when using static secure association key (SAK) or dynamic security mode.

Key server offset

Offset setting.

The offset is set using the offset statement, either in the connectivity association when using static connectivity association key (CAK) or dynamic security mode, or in the secure channel when using static secure association key (SAK) security mode.

Include SCI

SCI tagging. The SCI tag is included on packets in a secure channel when this output is yes, and not included on packets in a secure channel when this output is no.

You can enable SCI tagging using the include-sci statement in the connectivity association.

Note:

SCI tags are automatically appended to packets leaving a MACsec-enabled interface on an EX4300 switch. The include-sci option is, therefore, not available on EX4300 switches. The output for the Include SCI field is yes.

Replay protect

Replay protection setting. Replay protection is enabled when this output is on and disabled when this output is off.

You can enable replay protection using the replay-protect statement in the connectivity association.

Replay window

Replay protection window setting. This output is set to 0 when replay protection is disabled, and is the size of the replay window, in number of packets, when replay protection is enabled.

The size of the replay window is configured using the replay-window-size statement in the connectivity association.
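
The following is an added example, not part of the original documentation: a Python audit that parses this command's output by the Table 1 field labels and reports interfaces where Encryption or Replay protect is off. The sample output, its two-fields-per-line layout, and the interface and CA names are constructed assumptions, and max_window is a hypothetical local policy limit.

```python
import re

# Field labels as listed in Table 1 on this page.
LABELS = ("Interface name", "CA name", "Cipher suite", "Encryption",
          "Key server offset", "Include SCI", "Replay protect", "Replay window")
_ALT = "|".join(LABELS)
# A value runs up to the next known label on the line, or to end of line.
_FIELD = re.compile(rf"({_ALT}):\s*(.*?)\s*(?=(?:{_ALT}):|$)")

# Constructed sample; the two-fields-per-line layout is an assumption.
SAMPLE = """\
    Interface name: xe-0/1/0
        CA name: CA1
        Cipher suite: GCM-AES-128   Encryption: on
        Key server offset: 0        Include SCI: no
        Replay protect: on          Replay window: 64
    Interface name: xe-0/1/1
        CA name: CA2
        Cipher suite: GCM-AES-128   Encryption: off
        Key server offset: 0        Include SCI: yes
        Replay protect: off         Replay window: 0
"""

def parse_connections(text):
    """Return one dict per interface, keyed by the Table 1 field labels."""
    records = []
    for line in text.splitlines():
        for label, value in _FIELD.findall(line):
            if label == "Interface name":
                records.append({})
            if records:  # ignore fields seen before the first interface
                records[-1][label] = value
    return records

def audit(text, max_window=None):
    """Return (interface, finding) pairs; max_window is a hypothetical policy limit."""
    records = parse_connections(text)
    if not records:
        # Empty output is ambiguous: static SAK mode is not displayed by this command.
        return [("-", "no connections listed; MACsec may be absent or in static SAK mode")]
    findings = []
    for rec in records:
        name = rec.get("Interface name", "?")
        if rec.get("Encryption") != "on":
            findings.append((name, "encryption is off"))
        if rec.get("Replay protect") != "on":
            findings.append((name, "replay protection is off"))
        elif max_window is not None and int(rec.get("Replay window", 0)) > max_window:
            findings.append((name, "replay window exceeds policy limit"))
    return findings
```

Because the command prints nothing in static SAK mode, the audit reports empty output as ambiguous rather than as a clean result.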

Sample Output

show security macsec connections

Release Information

Command introduced in Junos OS Release 13.2X50-D15.