Configuring MACsec
SUMMARY STEPS
1. configure terminal
2. feature macsec
3. (Optional) copy running-config startup-config
DETAILED STEPS
Command or Action
Step 1
configure terminal
Example:
switch# configure terminal
switch(config)#
Step 2
feature macsec
Example:
switch(config)# feature macsec
Step 3
(Optional) copy running-config startup-config
Example:
switch(config)# copy running-config startup-config
Disabling MACsec
Beginning with Cisco NX-OS Release 9.2(1), disabling the MACsec feature only deactivates this feature and
does not remove the associated MACsec configurations.
Disabling MACsec has the following conditions:
• MACsec shutdown is global command and is not available at the interface level.
• The macsec shutdown, show macsec mka session/summary, show macsec mka session detail, and show
• Consecutive MACsec status changes from macsec shutdown to no macsec shutdown and vice versa needs
SUMMARY STEPS
1. configure terminal
2. macsec shutdown
3. (Optional) copy running-config startup-config
macsec mka/secy statistics commands will display the 'Macsec is shutdown' message. However, the show
macsec policy and show key chain commands will display the output.
a 30 seconds time interval in between the status change.
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
Purpose
Enters global configuration mode.
Enables MACsec and MKA on the device.
Copies the running configuration to the startup
configuration.
Disabling MACsec
505