show security mka sessions
Syntax
show security mka sessions <interface interface-name>
Description
Display MACsec Key Agreement (MKA) session information for all interfaces. The MKA protocol is responsible for maintaining MACsec on the link, and decides which router on the point-to-point link becomes the key server.
Options
interface interface-name—Display the MKA session information for the specified interface only.summary | brief | detail—Display the specified level of output.none (same as
brief)—Display the MKA session information for all interfaces.
Required Privilege Level
view
Output Fields
Table 1 lists the output
fields for the show security mka sessions command. Output
fields are listed in the approximate order in which they appear.
Field Name |
Field Description |
|---|---|
|
Name of the interface. |
|
Shows whether the interface is secured or not. If it is secured, the CAK type is also displayed. |
|
Name of the member identifier. |
|
Name of the connectivity
association key (CAK). The CAK is configured using the |
|
The CAK type: primary, fallback, or preceding. |
|
The transmit interval. Both ends of the point-to-point link should be configured to the same value. Default value is 2000 seconds. Possible values: 2000 through 6000 milliseconds. |
|
Name of the outbound secure channel identifier. |
|
Number of the last data message. |
|
Key number. |
|
Key server status. The router is the key server when this output is |
|
Displays the priority of the key server.
Lower value indicates higher priority. Use the |
|
Name of the latest secure association key (SAK) association number. |
|
Name of the latest secure association key (SAK) key identifier. |
| Fields for Peer list | |
|
Name of the member identifier. |
|
Hold time, in seconds. |
|
Number of the last data message |
|
Name of the secure channel identifier. |
|
Number of the lowest acceptable packet number (PN). |
| Fields for CAK list (detail only) | |
|
Name of the connectivity association key (CAK). |
|
The CAK type: primary, fallback, or preceding. |
|
The CAK status: live, active, or in-progress. |
|
Name of the member identifier. |
|
Number of the last data message |
Sample Output
show security mka sessions
user@host> show security mka sessions Member identifier: ABC09234C234245345 CAK Name: EF00132234324ABCDE2342352345DC Send period : 2000 (ms) Key server priority: 16 Message number: 132 Outbound SCI: 01:01:02:02:03:04/1968 Key Server: Yes Key Server priority: 16 Latest SAK AN : 2 Latest SAK KI: ABC09090EFAA1212 Previous SAK AN: 1 Pervious SAK KI: CEE090A07FAA3223 Peer list 1. MI: ABC09234C234245345 (Live/Potential) MN: 2345 SCI: 01:02:02:02:04:04/1990 Hold time: 6 sec Lowest Acceptable PN: 243235 2. MI: ACC0926C334245341 (Potential) MN: 2784 SCI: 04:02:02:02:05:04/1340 Hold time: 6 sec Lowest Acceptable PN: 645236
Release Information
Command introduced in Junos OS Release 13.2X50-D15.