Troubleshooting Macsec; Cannot Establish Mka Sessions Between Macsec Devices - HPE FlexNetwork 7500 Series Security Configuration Manual
Hide thumbs
Also See for FlexNetwork 7500 Series:
- Security configuration manual (506 pages) ,
- Command reference manual (474 pages) ,
- Network management and monitoring command reference (430 pages)
Table of Contents
Advertisement
Replay protection
Replay window size
Confidentiality offset : 30 bytes
Validation mode
Included SCI
SCI conflict
Cipher suite
Transmit secure channel:
SCI
Elapsed time: 00h:05m:36s
Current SA
Receive secure channels:
SCI
Elapsed time: 00h:03m:21s
Current SA
Previous SA : AN N/A
# Display MKA session information on GigabitEthernet 1/0/1 of Device B.
[DeviceB] display mka session interface gigabitethernet 1/0/1 verbose
Interface GigabitEthernet1/0/1
Tx-SCI
: 00E0020000000106
Priority
: 10
Capability: 3
CKN for participant: E9AC
Key server
MI (MN)
Live peers
Potential peers
Principal actor
MKA session status
Confidentiality offset: 30 bytes
Current SAK status
Current SAK AN
Current SAK KI (KN)
Previous SAK status
Previous SAK AN
Previous SAK KI (KN)
Live peer list:
MI
85E004AF49934720AC5131D3
Troubleshooting MACsec
Cannot establish MKA sessions between MACsec devices
Symptom
The devices cannot establish MKA sessions when the following conditions exist:
•
The link connecting the devices is up.
: Enabled
: 100 frames
: Strict
: No
: No
: GCM-AES-128
: 00E0020000000106
: AN 0
PN 1
: 00E00100000A0006
: AN 0
LPN 1
LPN N/A
: No
: 12A1677D59DD211AE86A0128 (1219)
: 1
: 0
: Yes
: Secured
: Rx & Tx
: 0
: 85E004AF49934720AC5131D300000003 (3)
: N/A
: N/A
: N/A
MN
1216
Priority
Capability
5
3
494
Rx-SCI
00E00100000A0006
Advertisement
Table of Contents
Troubleshooting
