Displaying MACsec configuration details

You can display configuration information for all MACsec groups on a device, or you can display details for a particular group.

  1. In privileged EXEC, global configuration, or dot1x-mka interface mode, use the show dot1x-mka config command to display MACsec configuration details for the device.

    In the following example, MACsec parameters are displayed for the device and all groups configured on it. Specific MACsec interfaces are displayed as well as the pre-shared key for each interface.

    
    
    device(config)# show dot1x-mka config
    dot1x-mka-enable
    mka-cfg-group group1
      key-server-priority 20
      macsec frame-validation check
      macsec confidentiality-offset 30
      macsec cipher-suite gcm-aes-128
      macsec-replay protection out-of-order window-size 100
      enable-mka ethernet 1/3/2
    mka-cfg-group group1
      pre-shared-key 135bd758b0ee5c11c55ff6ab19fd0132 key-name 96437a93ccf10d9dfe3478460cce5132
    enable-mka ethernet 1/3/6
      mka-cfg-group group1
      pre-shared-key 135bd758b0ee5c11c55ff6ab19fd0132 key-name 96437a93ccf10d9dfe3478460cce51321
     
    
  2. In privileged EXEC, global configuration, or dot1x-mka interface mode, enter the show dot1x-mka config-group command to display information for all configured groups. Add a group name to the command to narrow the information displayed to one group.

    The following example displays information for MKA group test1.

    device(config)# show dot1x-mka config-group test1
     mka-cfg-group test1
      key-server-priority 5
      macsec cipher-suite gcm-aes-128 integrity-only
      macsec confidentiality-offset 30
      macsec frame-validation strict
    
    Note: Group information does not include the pre-shared key or enabled connections. Use the show dot1x-mka config command to obtain that information.