display mka session
Use display mka session to display MKA session information.
Syntax
display mka session [ interface interface-type interface-number | local-sci sci-id ] [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number. If you do not specify a port, this command displays MKA session information on all ports.
local-sci sci-id: Specifies a local SCI, a case-insensitive hexadecimal string of 16 characters.
verbose: Displays detailed MKA session information. If you do not specify this keyword, the command displays brief MKA session information.
Examples
# Display brief MKA session information on Ten-GigabitEthernet 4/1/1.
<Sysname> display mka session interface ten-gigabitethernet 4/1/1 Interface Ten-GigabitEthernet4/1/1 Tx-SCI : 000C29F6A4380004 Priority : 0 Capability: 3 CKN for participant: ABCD Key server : Yes MI (MN) : D7B00EDA353242704CC6B0DB (7) Live peers : 1 Potential peers : 0 Principal actor : Yes MKA session status : Secured Confidentiality offset: 30 bytes
# Display detailed MKA session information on Ten-GigabitEthernet 4/1/1.
<Sysname> display mka session interface ten-gigabitethernet 4/1/1 verbose Interface Ten-GigabitEthernet4/1/1 Tx-SCI : 000C29F6A4380004 Priority : 0 Capability: 3 CKN for participant: ABCD Key server : Yes MI (MN) : D7B00EDA353242704CC6B0DB (7) Live peers : 1 Potential peers : 0 Principal actor : Yes MKA session status : Secured Confidentiality offset: 30 bytes Current SAK status : Rx & Tx Current SAK AN : 0 Current SAK KI (KN) : 4273791304C1C26259C94C3400000001 (1) Previous SAK status : N/A Previous SAK AN : N/A Previous SAK KI (KN) : N/A Live peer list: MI MN Priority Capability Rx-SCI EA58DC3F8715953DBC6593F0 840 100 3 00E0020000000106 Potential peer list: MI MN Priority Capability Rx-SCI DA58DC3Q4573543DBC6699F0 3 200 3 00E0021200000107
Table 93: Command output
Field | Description |
---|---|
Tx-SCI | SCI for outbound traffic, in hexadecimal notation. |
Priority | Key server priority, in the range of 0 to 255. |
Capability | MACsec capability:
|
CKN for participant | CAK name of the MKA instance. |
Key server | Whether the local end is the key server. |
MI | Member identifier in hexadecimal notation. |
MN | Message number. |
Live peers | Numbers of peers that have already been learned. |
Potential peers | Numbers of peers that are being negotiated. |
Principal actor | Whether the MKA instance is the principal actor. MKA instance refers to the operation entity of the MKA protocol on a port. A port might have multiple MKA instances. The principal actor is the MKA instance in active state. |
MKA session status | MKA session status:
If the MKA instance is not the principal actor, this field displays N/A. |
Confidentiality offset | Confidentiality offset issued by the key server. This field displays N/A in the following situations:
|
Current SAK status | Status of the current SAK:
This field displays N/A in the following situations:
|
Current SAK AN | SA number of the current SAK in use. This field displays N/A in the following situations:
|
Current SAK KI | Key identifier of the current SAK in use, a string of hexadecimal digits that contains the key server's 12-byte MI and KN. This field displays N/A in the following situations:
|
KN | SAK number. This field displays N/A in the following situations:
|
Previous SAK status | Status of the previous SAK:
This field displays N/A in the following situations:
|
Previous SAK AN | SA number of the previous SAK. This field displays N/A in the following situations:
|
Previous SAK KI | Key identifier of the previous SAK, a string of hexadecimal digits that contains the key server's 12-byte MI and KN. This field displays N/A in the following situations:
|
Live peer list | List of peers that have participated in the MKA session. This field is not available if no live peer exists. |
Potential peer list | List of peers that are being negotiated. This field is not available if no potential peer exists. |
Rx-SCI | SCI for inbound traffic, in hexadecimal notation. |
Related commands
reset mka session