12-17-2018 07:56 AM - edited 02-20-2020 09:45 PM
hi,
how do i read "show macsec secy statistics" output ? i mean i am trying to understand and see what and how much traffic is send unencrypted between peers,
show macsec secy statistics
Interface Ethernet1/48 MACSEC SecY Statistics:
--------------------------------------------
Interface Rx Statistics:
Unicast Uncontrolled Pkts: 1484174331
Multicast Uncontrolled Pkts: 3394935
Broadcast Uncontrolled Pkts: 18798
Uncontrolled Pkts - Rx Drop: 0
Uncontrolled Pkts - Rx Error: 0
Unicast Controlled Pkts: N/A (N9K-C93180YC-FX not supported)
Multicast Controlled Pkts: N/A (N9K-C93180YC-FX not supported)
Broadcast Controlled Pkts: N/A (N9K-C93180YC-FX not supported)
Controlled Pkts - Rx Drop: N/A (N9K-C93180YC-FX not supported)
Controlled Pkts - Rx Error: N/A (N9K-C93180YC-FX not supported)
In-Octets Uncontrolled: 364101445432 bytes
In-Octets Controlled: 261323465678 bytes
Input rate for Uncontrolled Pkts: 418 pps
Input rate for Uncontrolled Pkts: 565804 bps
Input rate for Controlled Pkts: 418 pps
Input rate for Controlled Pkts: 404678 bps
Interface Tx Statistics:
Unicast Uncontrolled Pkts: 3240957577
Multicast Uncontrolled Pkts: 17808518
Broadcast Uncontrolled Pkts: 18380
Uncontrolled Pkts - Rx Drop: 0
Uncontrolled Pkts - Rx Error: 0
Unicast Controlled Pkts: N/A (N9K-C93180YC-FX not supported)
Multicast Controlled Pkts: N/A (N9K-C93180YC-FX not supported)
Broadcast Controlled Pkts: N/A (N9K-C93180YC-FX not supported)
Controlled Pkts - Rx Drop: N/A (N9K-C93180YC-FX not supported)
Controlled Pkts - Rx Error: N/A (N9K-C93180YC-FX not supported)
Out-Octets Uncontrolled: 4163676223872 bytes
Out-Octets Controlled: 3857770722135 bytes
Out-Octets Common: 4163676223872 bytes
Output rate for Uncontrolled Pkts: 285 pps
Output rate for Uncontrolled Pkts: 1847241 bps
Output rate for Controlled Pkts: 285 pps
Output rate for Controlled Pkts: 1737228 bps
SECY Rx Statistics:
Transform Error Pkts: N/A (N9K-C93180YC-FX not supported)
Control Pkts: 2794082
Untagged Pkts: N/A (N9K-C93180YC-FX not supported)
No Tag Pkts: 7
Bad Tag Pkts: 0
No SCI Pkts: 0
Unknown SCI Pkts: 0
Tagged Control Pkts: N/A (N9K-C93180YC-FX not supported)
SECY Tx Statistics:
Transform Error Pkts: N/A (N9K-C93180YC-FX not supported)
Control Pkts: 2794071
Untagged Pkts: N/A (N9K-C93180YC-FX not supported)
SAK Rx Statistics for AN [0]:
Unchecked Pkts: 0
Delayed Pkts: 0
Late Pkts: 0
OK Pkts: 878572513
Invalid Pkts: 0
Not Valid Pkts: 0
Not-Using-SA Pkts: 0
Unused-SA Pkts: 0
Decrypted In-Octets: 196211408223 bytes
Validated In-Octets: 0 bytes
SAK Tx Statistics for AN [0]:
Encrypted Protected Pkts: 2192534561
Too Long Pkts: N/A (N9K-C93180YC-FX not supported)
SA-not-in-use Pkts: N/A (N9K-C93180YC-FX not supported)
Encrypted Protected Out-Octets: 2874951405169 bytes
concern is that my policy says "should" not "must" hence my question on how much traffic failed to be encrypted and was send unencrypted,
macsec policy 1
cipher-suite GCM-AES-256
key-server-priority 0
window-size 512
conf-offset CONF-OFFSET-0
security-policy should-secure
thanks
M
01-21-2019 05:04 AM
anyone can help pls ?
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide