2.
interface name
3.
[
no
]
eapol mac-address mac_address
[
ethertype eth_type]
4.
(Optional)
copy running-config startup-config
DETAILED STEPS
Purpose
Command or Action
Enters global configuration mode.
configure terminal
Example:
Step 1
switch# configure terminal
switch(config)#
Specifies the interface that you are configuring. You can
specify the interface type and identity. For an Ethernet port,
use ethernet slot/port.
interface name
Example:
switch(config)# interface ethernet 1/1
switch(config-if)#
Step 2
Disables the EAPOL configuration on the specified interface
type and identity.
[
no
]
eapol mac-address mac_address
[
ethertype eth_type]
Step 3
Copies the running configuration to the startup
configuration.
(Optional)
copy running-config startup-config
Example:
Step 4
switch(config-macseckeychain-macseckey)# copy
running-config startup-config
Verifying the MACsec Configuration
To display MACsec configuration information, perform one of the following tasks:
Purpose
Command
Displays the keychain configuration.
show key chain name
Displays information about the MACsec MKA session for a specific
interface or for all interfaces.
show macsec mka session
[
interface type slot
/
port
] [
detail
]
Displays information about the MAC address and the ethernet type that
is currently used by the interfaces for all EAPOL packets.
show macsec mka session details
Displays the MACsec MKA configuration.
show macsec mka summary
Displays the configuration for a specific MACsec policy or for all
MACsec policies.
show macsec policy
[
policy-name
]
Displays the running configuration information for MACsec.
show running-config macsec
The following example displays information about the MACsec MKA session for all interfaces. .
switch# show macsec mka session
Interface
Local-TxSCI
# Peers
Status
Cisco Nexus 9000 Series NX-OS Security Configuration Guide, Release 9.x
513
Configuring MACsec
Verifying the MACsec Configuration