show security macsec connections (MX Series)
Syntax
show security macsec connections <interface interface-name>
Description
Display the status of the active MACsec connections on the router.
Options
| none | Display MACsec connection information for all interfaces on the switch. |
| interface interface-name | (Optional) Display MACsec connection information for the specified interface only. |
Required Privilege Level
view
Output Fields
Table 1 lists the
output fields for the show security macsec connections command.
Output fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
| Fields for Interface | |
|
Name of the interface. |
|
Name of the connectivity association. A connectivity association is named using the |
|
Name of the cipher suite used for encryption. |
|
Encryption setting. Encryption is enabled
when this output is The encryption setting is set using the |
|
The offset value in a packet from which encryption can be performed. The offset is set using the |
|
SCI tagging. The SCI tag is included on
packets in a secure channel when this output is By default, include SCI tag is disabled. You can enable SCI
tagging using the |
|
By default, replay protection is disabled.
Replay protection ensures that a snooped packet is not replayed or
a packet number is reused. Replay protection is enabled when this
output is You can enable replay protection using the |
|
Number of packets that can be replayed.
Must be configured with replay protection. This output is set to The size of the replay window is configured using the |
Sample Output
- show security macsec connections
- show security macsec connections (MX480 routers with MPC7E-10G)
- show security macsec connections (MX480 routers with MPC7E-10G)
show security macsec connections
user@host> show security macsec connections
Interface name: xe-0/1/0
CA name: CA1
Cipher suite: GCM-AES-128 Encryption: on
Key server offset: 0 Include SCI: no
Replay protect: off Replay window: 0
show security macsec connections (MX480 routers with MPC7E-10G)
user@host> show security macsec connections
Interface name: xe-4/0/18
CA name: ca1
Cipher suite: GCM-AES-128 Encryption: on
Key server offset: 30 Include SCI: no
Replay protect: off Replay window: 0
Outbound secure channels
SC Id: 54:1E:56:B4:0D:3A/1
Outgoing packet number: 11
Secure associations
AN: 1 Status: inuse Create time: 1d 17:31:10
Inbound secure channels
SC Id: 54:1E:56:B3:CA:A7/1
Secure associations
AN: 1 Status: inuse Create time: 1d 17:31:10show security macsec connections (MX480 routers with MPC7E-10G)
user@host> show security macsec connections interface xe-1/0/7
CA name: caae1
Cipher suite: AES_GCM_128 Encryption: off
Key server offset: 0 Include SCI: no
Replay protect: off Replay window: 0
Outbound secure channels
SC Id: 54:1E:56:B3:CA:9C/1
Outgoing packet number: 1
Secure associations
AN: 0 Status: inuse Create time: 4d 05:56:06
Inbound secure channels
SC Id: 54:1E:56:B4:0D:2F/1
Secure associations
AN: 0 Status: inuse Create time: 4d 05:56:06
Release Information
Command introduced in Junos OS Release 15.1.
Support for MPC7E-10G introduced in Junos OS Release 16.1R1 for MX240, MX480, and MX960 routers.