show security macsec statistics
Syntax
show security macsec statistics <brief | detail> <interface interface-name>
Description
Display Media Access Control Security (MACsec) statistics.
This command does not display output when MACsec is enabled using static secure association key (SAK) security mode.
Options
none | Display MACsec statistics in brief form for all interfaces on the switch. |
brief | detail | (Optional)
Display the specified level of output. Using the Note:
The field names that only appear in this command output
when you enter the |
interface interface-name | (Optional) Display MACsec statistics for the specified interface only. |
Required Privilege Level
view
Output Fields
Table 1 lists the output fields for the show security macsec statistics command. Output fields are listed in the approximate order in which they appear.
The field names that appear in this command output only when you enter the detail option are mostly useful for debugging purposes by Juniper Networks support personnel. Those field names are, therefore, not included in this table.
Field Name | Field Description | Level of Output |
---|---|---|
Interface name | Name of the interface. | All levels |
Fields for Secure Channel transmitted | ||
Encrypted packets | Total number of packets transmitted out of the interface in the secure channel that were secured and encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a secure association key (SAK). | All levels |
Encrypted bytes | Total number of bytes transmitted out of the interface in the secure channel that were secured and encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a secure association key (SAK). | All levels |
Protected packets | Total number of packets transmitted out of the interface in the secure channel that were secured but not encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a secure association key (SAK). | All levels |
Protected bytes | Total number of bytes transmitted out of the interface in the secure channel that were secured but not encrypted using MACsec. Data packets are sent in the secure channel when MACsec is enabled, and are secured using a secure association key (SAK). | All levels |
Fields for Secure Association transmitted | ||
Encrypted packets | Total number of packets transmitted out of the interface in the connectivity association that were secured and encrypted using MACsec. The total includes the data packets transmitted in the secure channel and secured using a SAK and the control packets secured using a connectivity association key (CAK). | All levels |
Protected packets | Total number of packets transmitted out of the interface in the connectivity association that were secured but not encrypted using MACsec. The total includes the data packets transmitted in the secure channel and secured using a SAK and the control packets secured using a connectivity association key (CAK). | All levels |
Fields for Secure Channel received | ||
Accepted packets | The number of received packets that have been accepted by the secure channel on the interface. The secure channel is used to send all data plane traffic on a MACsec-enabled link. A packet is considered accepted for this counter when it has been received by this interface and it has passed the MACsec integrity check. This counter increments for traffic that is and is not encrypted using MACsec. | All levels |
Validated bytes | The number of bytes that have been validated by the MACsec integrity check and received on the secure channel on the interface. The secure channel is used to send all data plane traffic on a MACsec-enabled link. This counter increments for traffic when MACsec encryption is disabled. | All levels |
Decrypted bytes | The number of bytes received in the secure channel on the interface that have been decrypted. The secure channel is used to send all data plane traffic on a MACsec-enabled link. An encrypted byte has to be decrypted before it can be received on the receiving interface. The decrypted bytes counter is incremented for received traffic that was encrypted using MACsec. | All levels |
Fields for Secure Association received | ||
Accepted packets | The number of received packets that have been accepted in the connectivity association on the interface. The counter includes all control and data plane traffic accepted on the interface. A packet is considered accepted for this counter when it has been received by this interface and it has passed the MACsec integrity check. | All levels |
Validated bytes | The number of bytes that have been validated by the MACsec integrity check and received on the connectivity association on the interface. The counter includes all control and data plane traffic accepted on the interface. This counter increments for traffic when MACsec encryption is disabled. | All levels |
Decrypted bytes | The number of bytes received in the connectivity association on the interface that have been decrypted. The counter includes all control and data plane traffic accepted on the interface. An encrypted byte has to be decrypted before it can be received on the receiving interface. The decrypted bytes counter is incremented for received traffic that was encrypted using MACsec. | All levels |
Sample Output
show security macsec statistics interface xe-0/1/0 detail
```
user@host> show security macsec statistics interface xe-0/1/0 detail

  Interface name: xe-0/1/0
    Secure Channel transmitted
        Encrypted packets: 123858
        Encrypted bytes: 32190903
        Protected packets: 0
        Protected bytes: 0
    Secure Association transmitted
        Encrypted packets: 123858
        Protected packets: 0
    Secure Channel received
        Accepted packets: 123877
        Validated bytes: 0
        Decrypted bytes: 32196238
    Secure Association received
        Accepted packets: 123877
        Validated bytes: 0
        Decrypted bytes: 32196238
    Error and debug
      Secure Channel transmitted packets
        Untagged: 0, Too long: 0
      Secure Channel received packets
        Control: 0, Tagged miss: 3202804
        Untagged hit: 0, Untagged: 0
        No tag: 0, Bad tag: 0
        Unknown SCI: 0, No SCI: 0
        Control pass: 0, Control drop: 0
        Uncontrol pass: 123877, Uncontrol drop: 0
        Hit dropped: 0, Invalid accept: 0
        Late drop: 0, Delayed accept: 0
        Unchecked: 0, Not valid drop: 0
        Not using SA drop: 0, Unused SA accept: 0
```
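The counters described in Table 1 can be checked mechanically. The following is an added example, not Juniper code: it parses the documented counter sections and reports any interface that carried traffic secured but not encrypted (the Protected and Validated counters). The function names and the one-field-per-line input layout are assumptions.

```python
import re

# Constructed input: the documented counter sections of the sample output on
# this page, one field per line (the indentation is an assumed CLI layout).
SAMPLE = """\
Interface name: xe-0/1/0
    Secure Channel transmitted
        Encrypted packets: 123858
        Encrypted bytes: 32190903
        Protected packets: 0
        Protected bytes: 0
    Secure Association transmitted
        Encrypted packets: 123858
        Protected packets: 0
    Secure Channel received
        Accepted packets: 123877
        Validated bytes: 0
        Decrypted bytes: 32196238
    Secure Association received
        Accepted packets: 123877
        Validated bytes: 0
        Decrypted bytes: 32196238
"""

SECTION = re.compile(r"^Secure (Channel|Association) (transmitted|received)$")
FIELD = re.compile(r"^([A-Za-z ]+):\s*(\S+)$")

def parse_macsec_stats(text):
    """Return {(interface, section, field): count} for the counters in Table 1."""
    stats, iface, section = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Error and debug"):
            section = None  # detail-only debug counters are not documented
        elif SECTION.match(line):
            section = line
        elif (m := FIELD.match(line)):
            name, value = m.groups()
            if name == "Interface name":
                iface, section = value, None
            elif iface and section and value.isdigit():
                stats[(iface, section, name)] = int(value)
    return stats

def integrity_only_traffic(stats):
    """Counters showing traffic that was secured but not encrypted."""
    clear = ("Protected packets", "Protected bytes", "Validated bytes")
    return {k: n for k, n in stats.items() if k[2] in clear and n > 0}
```

An empty result from `integrity_only_traffic` means every counted frame on the parsed interfaces was encrypted as well as integrity-protected.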
Release Information
Command introduced in Junos OS Release 13.2X50-D15.