Displaying information on current MACsec sessions

You can display MACsec session activity for an interface, including the pre-shared key name, the most recent SAI information, and a list of peers.

  1. For a quick overview of current MACsec sessions, enter the show dot1x-mka sessions brief command in privileged EXEC, global configuration, or dot1x-mka interface mode.
    
    device(config)# show dot1x-mka sessions brief
    
    Port    Link-Status  MKA-Status  Key-Server  Negotiated Capability                   
    
    1/3/2   Down         Pending   ---      ---                                     
    1/3/3   Up           Secured   No       Integrity, Confidentiality with Off. 30 
    1/3/4   Up           Secured   No       Integrity, Confidentiality with Off. 30
    
  2. To display full details on current MACsec sessions, in privileged EXEC, global configuration, or dot1x-mka interface mode, enter the show dot1x-mka sessions ethernet command followed by the interface identifier.
    
    device(config)# show dot1x-mka sessions ethernet 1/3/3
    
    Interface                 : 1/3/3
    
      MACsec Status           : Secured
      DOT1X-MKA Enabled       : Yes
      DOT1X-MKA Active        : Yes
      Key Server              : No
    
    Configuration Status:
      Enabled                 : Yes
      Capability              :  Integrity,  Confidentiality
      Desired                 : Yes
      Protection              : Yes
      Frame Validation        : Disable
      Replay Protection       : Strict
      Replay Protection Size  : 0
      Cipher Suite            : GCM-AES-128
      Key Server Priority     : 20
    
      Local SCI               : 748ef8344a510082
      Member Identifier       : 802ed0536fcafc43407ba222
      Message Number          : 8612
    
    Secure Channel Information:                                       
      Latest SAK Status       : Rx & Tx
      Latest SAK AN           : 0
      Latest KI               : d08483062aa9457e7c2470e300000001
      Negotiated Capability   : Integrity, Confidentiality with offset 30
    
    Peer Information:
    State    	Member Identifier       	Message Number	SCI             	Priority
    -----    	-----------------       	--------------	----------------	--------
    Live     	d08483062aa9457e7c2470e3	          8527	748ef83443910082	      20