show mka policy
Catalyst 3750-X and 3560-X Switch Command Reference
2-694
Downloaded from
www.Manualslib.com
Table 2-41
show mka policy Output FIelds
Field
Description
Policy Name
The string identifier of the policy.
KS Priority
The set value of the priority for becoming the key server (KS). The range is
0 to 255, with 0 as the highest priority and 255 as the lowest priority. A value
of 0 means that the switch should always try to act as the key server, while
a value of 255 means that it should never try to act as the server. This value
is not configurable.
Delay Protect
The set value of delay protection being provided. This value is not
configurable.
Replay Protect
The configured value of replay protection being provided. (This is
configurable by entering the replay-protection window-size command.)
Window Size
The configured size of the replay protection window in number of frames
per packet. If replay protection is off, the value is 0. If replay protection is
on and the value is 0, a strict in-order verification of MACsec frames occurs.
(This is configurable by entering the replay-protection window-size
command.)
Conf Offset
The configured value of the confidentiality offset in the number of bytes to
offset protection or encryption into each frame in MACsec. Configurable
values are 0 (no offset), 30, or 50 bytes.
Interfaces Applied
The short name of each interface on which this policy is applied. The string
is empty if it is not applied to any interfaces.
This is sample output of the show mka policy detail command:
Switch# show mka policy MkaPolicy detail
MKA Policy Configuration ("MkaPolicy-3")
========================
MKA Policy Name........ MkaPolicy-3
Key Server Priority.... 0
Delay Protection....... NO
Replay Protection...... YES
Replay Window Size..... 64
Confidentiality Offset. 30
Applied Interfaces...
GigabitEthernet1/0/4
GigabitEthernet1/0/6
This is sample output of the show mka policy sessions command:
Switch# show mka policy replay-policy sessions
Summary of All Active MKA Sessions with MKA Policy "replay-policy"...
Interface Peer-RxSCI
Port-ID
Local-TxSCI
================================================================================
Gi1/0/25
001b.2140.ec3c/0000 replay-policy
2
001e.bdfe.6d99/0002 YES
manuals search engine
Chapter 2 Catalyst 3750-X and 3560-X Cisco IOS Commands
GigabitEthernet1/0/5
Policy-Name
Audit-Session-ID
Key-Svr Status
CKN
0A05783B0000001700448BA8
Secured
3808F996026DFB8A2FCEC9A88BBD0680
OL-21522-02