Hi,

I'm getting an error when applying macsec policy to an interface, I understand what the error message is saying (can't use 1G or less on a port or port group), what I don't get is that none of the other ports in that MAC id group have SFPs, none of them are in use.

I'm trying to use port e1/43 with a 10Gbase-LR sfp, e1/41,42 and 44 with the same MAC id are currently unused.

Error message: "Macsec cannot be enabled on a port group with member ports speed set as <= 1G. Use 'show interface hardware-mappings' to check if the ports are part of same port group (MacId)"

I added "speed 10000" on all 4 ports in the MAC id group but it didn't resolve the issue.

I moved the sfp to e1/19 which is free (for now), macsec was applied successfully to the interface and is running as expected.

The switch is not in production at present but will need to be setup as per design shortly and e1/19 will be required elsewhere, so I would like to understand what the issue is.

e1/17,18 and 20 are all empty same as e1/41,42 and 44.

Hardware: 

 cisco Nexus9000 C93180YC-FX Chassis

 Cisco 10Gbase-LR

Software:

 BIOS: version 05.42
 NXOS: version 9.3(5)

Thanks.