show security macsec statistics (SRX Series Firewalls)
Syntax
show security macsec statistics <brief | detail> <interface interface-name>
Description
Display Media Access Control Security (MACsec) statistics.
Options
none | Display MACsec statistics in brief form for all interfaces on the switch. |
brief | detail | (Optional)
Display the specified level of output. Using the Note:
The field names that only appear in this command output
when you enter the |
interface interface-name | (Optional) Display MACsec statistics for the specified interface only. |
Required Privilege Level
view
Output Fields
Table 1 lists
the output fields for the show security macsec statistics
command. Output fields are listed in the approximate order in which
they appear.
The field names that appear in this command output only when
you enter the detail
option are mostly useful for debugging
purposes by Juniper Networks support personnel. Those field names
are, therefore, not included in this table.
Field Name |
Field Description |
Level of Output |
---|---|---|
|
Name of the interface. |
All levels |
Fields for Secure Channel transmitted | ||
|
Total number of packets transmitted out of the interface in the secure channel that were secured and encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK). |
All levels |
|
Total number of bytes transmitted out of the interface in the secure channel that were secured and encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK). |
All levels |
|
Total number of packets transmitted out of the interface in the secure channel that were secured but not encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK). |
All levels |
|
Total number of bytes transmitted out of the interface in the secure channel that were secured but not encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a connectivity association key (CAK). |
All levels |
Fields for Secure Association transmitted | ||
|
Total number of packets transmitted out of the interface in the connectivity association that were secured and encrypted using MACsec. The total includes the data packets transmitted in the secure channel and the control packets secured using a connectivity association key (CAK). |
All levels |
|
Total number of packets transmitted out of the interface in the connectivity association that were secured but not encrypted using MACsec. The total includes the data packets transmitted in the secure channel and the control packets secured using a connectivity association key (CAK). |
All levels |
Fields for Secure Channel received | ||
|
The number of received packets that have been accepted by the secure channel on the interface. The secure channel is used to send all data plane traffic on a MACsec-enabled link. A packet is considered accepted for this counter when it has been received by this interface and it has passed the MACsec integrity check. This counter increments for traffic that is and is not encrypted using MACsec. |
All levels |
|
The number of bytes that have been validated by the MACsec integrity check and received on the secure channel on the interface. The secure channel is used to send all data plane traffic on a MACsec-enabled link. This counter does not increment when MACsec encryption is disabled. |
All levels |
|
The number of bytes received in the secure channel on the interface that have been decrypted. The secure channel is used to send all data plane traffic on a MACsec-enabled link. An encrypted byte has to be decrypted before it can be received on the receiving interface. The decrypted bytes counter is incremented for received traffic that was encrypted using MACsec. |
All levels |
Fields for Secure Association received | ||
|
The number of received packets that have been accepted in the connectivity association on the interface. The counter includes all control and data plane traffic accepted on the interface. A packet is considered accepted for this counter when it has been received by this interface and it has passed the MACsec integrity check. |
All levels |
|
The number of bytes that have been validated by the MACsec integrity check and received on the connectivity association on the interface. The counter includes all control and data plane traffic accepted on the interface. This counter does not increment when MACsec encryption is disabled. |
All levels |
|
The number of bytes received in the connectivity association on the interface that have been decrypted. The counter includes all control and data plane traffic accepted on the interface. An encrypted byte has to be decrypted before it can be received on the receiving interface. The decrypted bytes counter is incremented for received traffic that was encrypted using MACsec. |
All levels |
Sample Output
show security macsec statistics interface
user@host> show security macsec statistics interface fxp1 detail Interface name: fxp1 Secure Channel transmitted Encrypted packets: 2397305 Encrypted bytes: 129922480 Protected packets: 0 Protected bytes: 0 Secure Association transmitted Encrypted packets: 2397305 Protected packets: 0 Secure Channel received Accepted packets: 2395850 Validated bytes: 0 Decrypted bytes: 131715088 Secure Association received Accepted packets: 2395850 Validated bytes: 0 Decrypted bytes: 0
Release Information
Command introduced in Junos OS Release 15.1X49-D60.