Show commands

Show command for MACsec policies

Syntax

show macsec policy policy-name

Show one or more MACsec policies.

show macsec policy policy-name

Show one or more MACsec policies.

policy-name

A MACsec policy name up to 32 characters long.

show macsec policy

HP-5406Rzl(config)# show macsec policy

Configuration - MACsec Policy
Policy Name : policy1
Cipher Suite      : AES-GCM-128
Include-SCI       : Yes
Confidentiality   : On             Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : abcd
CAK  : abcd
Policy Name : macsecpolicy5
Cipher Suite      : AES-GCM-128
Include-SCI       : No
Confidentiality   : Off            Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : abcd11111111121212121212abcd3434
CAK  : abab121212121212abcd34343434121212121212abcd34343434abcdefabcdef

show macsec policy Policy1

show macsec policy Policy1

Configuration - MACsec Policy
Policy Name : policy1
Cipher Suite      : AES-GCM-128
Include-SCI       : Yes
Confidentiality   : On             Confidentiality offset   : 0
Replay-Protection : On             Replay-Protection Window : 0
Mode : pre-shared-key (PSK)
CKN  : abcd
CAK  : abcd

Command validations

Validation

Error/Warning/Prompt

Check whether the policy with the name exists.

MACsec policy %s does not exist.

There are no MACsec policies configured on the system.

No MACsec policy is found.

Details


[NOTE: ]

NOTE: In Manager mode.


Condition

Behavior

Include-credentials enabled/disabled

CAK value is displayed in plaintext format.

Encrypt-credentials enabled/disabled

CAK value is displayed in plaintext format.

In Enhanced Secure Mode (FIPS)

A dialogue is provided to proceed with display of sensitive information and only on a consent to proceed, policy details are displayed.

Show command for MACsec status

Syntax

show macsec status

Show the status of all MACsec-enabled ports.

status

Show the status of all MACsec-enabled ports.

show macsec status

show macsec status

Status and Configuration - MACsec Protocol
Interface  Policy                           Mode    Status Protection
 --------- -------------------------------- ------- ------ --------------------
 A2        policy1                          PSK     Up     Confidentiality
 L22       policy1                          PSK     Down   Confidentiality

Command validation

Validation

Error/Warning/Prompt

MACses is not enabled on ports.

MACsec is not enabled on any port.

Show command for MACsec status on a port

Syntax

show macsec status port-num

Show the status of all MACsec-enabled ports.

show macsec status

HP-5406Rzl(config)# show macsec status A1

show command output

HP-5406Rzl(config)# show macsec status A1
Status and Configuration - MACsec Protocol
Interface : A1
Policy       : Policy1
Transmitting : Yes
Receiving    : Yes
Protection   : Confidentiality
Transmit secure Channel
SCI                  : 000C29F6A4380004c
Secure Association
Association Number : 1 (old)
KI               : 4F18CE25228178FD15976E4C
LPN                : 2
SA-Start-time      : 01:02:19 
SA-Stop-time       : 02:04:29
Association Number : 0 (current)
KI               : 4F18CE25228178FD15976E4C
LPN                : 3
SA-Start           : 04:05:11
SA-Stop-time       : 04:10:12
Receive secure Channel
SCI                  : 000C29F6A4380003b
Secure Association
Association Number : 0 (current)
KI               : 4F18CE29456aefFD15976E4C
LPN                : 121198
SA-Start           : 04:05:12
SA-Stop-time       : 04:10:13

Validation

Error/Warning/Prompt

Check whether MACsec is enabled on the port.

MACsec is not enabled on port %s.

Show command for MACsec statistics

Syntax

show macsec statistics port-num

statistics

Show MACsec statistics.

[ethernet] PORT-NUM

The port to show MACsec statistics for.

Show macsec statistics

Show MACsec statistics.

HP-5406Rzl(config)# show macsec statistics


Status and Counters - MACsec Protocol
 Interface : A1
 Receive Statistics
Totals (Since boot or last clear) :
Bytes Received        : 234435
Unicast Packets       : 0 
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0
Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0
Interface : A2
Receive Statistics
Totals (Since boot or last clear) : 
Bytes Received        : 234435
Unicast Packets       : 0 
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0
Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989 
Unicast Packets       : 0
Multicast Packets     : 0 
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0

Show macsec statistics A1

HP-5406Rzl(config)# show macsec statistics A1
Status and Counters - MACsec Protocol
Interface : A1
Receive Statistics
Totals (Since boot or last clear) :  
Bytes Received        : 234435
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0
Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0

Command validations


[NOTE: ]

NOTE: In Manager mode.


Validation

Error/Warning/Prompt

Check whether MACsec is enabled on the port.

MACsec is not enabled on port %s.

Show command for detailed MACsec statistics on a port

Syntax

show macsec statistics PORT-NUM detail

Show detailed statistics for a MACsec-enabled port.

statistics

Show MACsec statistics.

detail

Show detailed statistics for a MACsec-enabled port.

[ethernet] PORT-NUM

The port to show MACsec statistics for.

show macsec statistics A1 detail

HP-5406Rzl(config)# show macsec statistics A1 detail

Status and Counters - MACsec Protocol
Interface : A1
Receive Statistics
Totals (Since boot or last clear) :  
Bytes Received        : 234435
Unicast Packets       : 0
Multicast Packets     : 0
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Discarded Packets     : 0
Crypto Overruns      : 0
Packets With No Tag  : 0
Erroneous Packets     : 0

Packets With Bad Tag : 0
Packets With No SCI  : 0

Transmit Statistics
Totals (Since boot or last clear) :
Bytes Transmitted     : 28733989
Unicast Packets       : 0
Multicast Packets     : 0 
Broadcast Packets     : 0
Errors (Since boot or last clear) :
Erroneous Packets     : 0
Packets Too Long      : 0

Secure Channel Transmit Statistics
Encrypted Packets    : 0
Bytes Protected      : 0 
Bytes Encrypted      : 0

Secure Association Statistics
Association Number   : 0 (old)
Protected Packets  : 0

Encrypted Packets  : 0
Association Number   : 1 (current)
Protected Packets  : 0
Encrypted Packets  : 0

Secure Channel Receive Statistics
Not using SA         : 0
Late                 : 0
Not Valid            : 0
Delayed              : 0
Valid                : 0
Bytes Validated      : 0
Bytes Decrypted      : 0

Secure Association Statistics
Association Number   : 1 (current)
Not using SA        : 0
Not Valid           : 0
Valid               : 0

Command validations


[NOTE: ]

NOTE: In Manager mode.

Validation

Error/Warning/Prompt

Check whether MACsec is enabled on the port.

MACsec is not enabled on port %s.


Show command for MKA status

Syntax

show port-access mka status PORT-NUM

Show the MKA protocol status information.

show port-access authenticator [...]|supplicant [...]|summary [...]| mka...

Show 802.1X (Port Based Network Access) supplicant or authenticator current status and configuration.

[ethernet] PORT-LIST

Show Web/MAC Authentication statistics and configuration.

authenticator

Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters.

config

Show status of 802.1X, Web Auth, and MAC Auth configurations.

local-mac

Show Local MAC Authentication statistics and configuration.

mac-based

Show MAC Authentication statistics and configuration.

mka

Show the MKA protocol information.

summary

Show summary configuration information for all ports, including that overridden by RADIUS attributes.

supplicant

Show 802.1X (Port Based Network Access) supplicant current status and configuration.

web-based

Show Web Authentication statistics and configuration.

statistics

Show the MKA statistics.

status

Show the MKA protocol status information.

Show port-access mka status

HP-5406Rzl(config)# show port-access mka status
Status and Configuration - MKA Protocol
Interface : A2 
Port MAC Address      : f0921c-4576fe 
MKA Session Status    : Secured  
CKN                   : abcd                            
MI                    : 1c64f054f894b5482defdf81 
MN                    : 86      
Capability            : IC, Conf, Offset 0  
Transmit Interval     : 2  
Key Server Priority   : 16 
Key Server            : No 

Live Peer List: 

MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------
fb7f82788e4cd38dbc65dc55 119      16  IC, Conf, Offset 0    a45d36489bfe0002

Potential Peer List:
MI                       MN       PRI Capability            Rx-SCI          
 ------------------------ -------- --- --------------------- ----------------

Interface : L2 
Port MAC Address      : f0921c-4576fe
MKA Session Status    : Secured
CKN                   : abcdefabcd
MI                    : 1c64f054f894b5482defdf81
MN                    : 86 
Capability            : IC, Conf, Offset 0  
Transmit Interval     : 2 
Key Server Priority   : 16 
Key Server            : No

Live Peer List: 
   MI                       MN       PRI Capability            Rx-SCI
------------------------ -------- --- --------------------- ----------------
fb7f82788e4cd38dbc65dc55 119      16  IC, Conf, Offset 0    a45d36489bfe0002

Potential Peer List: 
    MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------

Show port-access MKA status A2

HP-5406Rzl(config)# show port-access mka status A2
Status and Configuration - MKA Protocol
Interface : A2 
Port MAC Address      : f0921c-4576fe  
MKA Session Status    : Secured
CKN                   : abcd
MI                    : 1c64f054f894b5482defdf81 
MN                    : 86
Capability            : IC, Conf, Offset 0  
Transmit Interval     : 2
Key Server Priority   : 16 
Key Server            : No

Live Peer List: 
MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------
fb7f82788e4cd38dbc65dc55 119      16  IC, Conf, Offset 0    a45d36489bfe0002

Potential Peer List: 
MI                       MN       PRI Capability            Rx-SCI          
------------------------ -------- --- --------------------- ----------------

Command validations


[NOTE: ]

NOTE: In Operator mode.

Validation

Error/Warning/Prompt

Check whether MACsec is enabled on the port.

MACsec is not enabled on port %s.


Show command for MKA statistics

Syntax

show port-access mka statistics PORT-NUM

Show the MKA statistics. When a PORT-NUM is used, the MKA statistics of the selected port are shown.

[ethernet] PORT-LIST

Show Web/MAC Authentication statistics and configuration.

authenticator

Show 802.1X (Port Based Network Access) authenticator current status, configuration or last session counters.

config

Show status of 802.1X, Web Auth, and MAC Auth configurations.

local-mac

Show Local MAC Authentication statistics and configuration.

mac-based

Show MAC Authentication statistics and configuration.

mka

Show the MKA protocol information.

summary

Show summary configuration information for all ports, including that overridden by RADIUS attributes.

supplicant

Show 802.1X (Port Based Network Access) supplicant current status and configuration.

web-based

Show Web Authentication statistics and configuration.

statistics

Show the MKA statistics.

status

Show the MKA protocol status information.

[ethernet] PORT-NUM

Specify the port number.

Show port-access MKA statistics

HP-5406Rzl(config)# show port-access mka statistics
Status and Counters - MKA Protocol
CAs Established : 32
CAs Deleted     : 1
Interface : A1
  Tx MKPDUs                    : 16534893
  Rx MKPDUs                    : 16534893
  SAKs Distributed             : 0
  SAKs Received                : 0 
  MKPDUs With Invalid Version  : 0
  MKPDUs With Invalid CKN      : 0 
  MKPDUs With Invalid ICV      : 0 
  MKPDUs With Duplicate MI     : 0 
  MKPDUs With Invalid MN       : 0 
 Interface : A2
  Tx MKPDUs                    : 16534893 
  Rx MKPDUs                    : 16534893
  SAKs Distributed             : 0
  SAKs Received                : 0 
  MKPDUs With Invalid Version  : 0
  MKPDUs With Invalid CKN      : 0 
  MKPDUs With Invalid ICV      : 0 
  MKPDUs With Duplicate MI     : 0 
  MKPDUs With Invalid MN       : 0

Show port-access MKA statistics A1

HP-5406Rzl(config)# show port-access mka statistics A1
Status and Counters - MKA Protocol
Interface : A1
  Tx MKPDUs                    : 16534893
  Rx MKPDUs                    : 16534893
  SAKs Distributed             : 0
  SAKs Received                : 0 
  MKPDUs With Invalid Version  : 0
  MKPDUs With Invalid CKN      : 0 
  MKPDUs With Invalid ICV      : 0
  MKPDUs With Duplicate MI     : 0
   MKPDUs With Invalid MN       : 0 

Command validations


[NOTE: ]

NOTE: In Operator mode.


Validation

Error/Warning/Prompt

Check whether MACsec is enabled on the port (in case where the Port-Num is given)

MACsec is not enabled on port %s.

Check whether MACsec is enabled on any port.

MACsec is not enabled on any port.

Show tech command

Syntax

show tech macsec status|statistics

Show tech MACsec for either status or statistics.