transport-security

• lacp

  LACP protocol

• lldp

  LLDP protocol

• cdp

  Cisco discovery protocol

• eapol-start

  EAP over LAN start packets

• efm-oam

  Ethernet in first mile protocol

• eth-cfm

  Connectivity fault management protocol

• ptp

  Precision Time Protocol

• ubfd

  Micro BFD protocol

• 0-bytes

  No octets are sent unencrypted

• 30-bytes

  30 octects are sent unencrypted

• 50-bytes

  50 octects are sent unencrypted

Indicates the number of the currently assigned CAK

When a new CAK is generated, this number is incremented.

Indicates the Association Number (AN) of the latest Secure Association Key (SAK)

This number is concatenated with an SCI to identify a Secure Association (SA).

Indicates the Key Identifier (KI) of the latest SAK

This number is derived from the MI of the key server and the key number.

• gcm-aes-128

  gcm-aes-128 Cipher Suite

• gcm-aes-256

  gcm-aes-256 Cipher Suite

• gcm-aes-xpn-128

  gcm-aes-xpn-128 Cipher Suite

• gcm-aes-xpn-256

  gcm-aes-xpn-256 Cipher Suite

• up

  Component or process is operational

• down

  Component or process is not operational

• empty

  Component slot is empty

• downloading

  Component is downloading image into memory

• booting

  Component is booting downloaded image

• starting

  Component image operational, application processes starting

• failed

  Component or process has failed

• synchronizing

  Component is currently being synchronized

• upgrading

  Component is currently being upgraded

• low-power

  Component is offline due to insufficient system power

• degraded

  Component or process is in a degraded state

• warm-reboot

  Component or process is currently warm rebooting

  This state is set during a warm reboot immediately following initiation of the reboot, continuing after startup until the system has completed audit. In this state the system will not accept configuration changes.

• waiting

  Component or process is currently waiting

  This state can be set by event handler when the reinvoke-with-delay action is used, and indicates that the event handler is waiting for the provided delay before reinvoking the instance.

Indicates the Association Number (AN) of the previous Security Association key (SAK)

This number is concatenated with an SCI to identify an Secure Association SA.

Indicates the Key Identifier (KI) of the previous SAK

This number is derived from the Member Identifier (MI) of the key server and the key number.

• enable

• disable

MACsec window size, as defined by the number of out-of-order frames that are accepted.

A value of 0 means that frames are accepted only in the correct order.

Indicates the summation of counter /macsec/rx-sa/not-using-sa-packets

Information for all the SAs which belong to this SC.

Invalid Secure Channel RX Packets counter

This counter reflects the number of invalid received packets in a secure channel. Indicates the summation of counter /macsec/rx-sa/not-valid-packets information for all the SAs which belong to this SC.

Invalid Secure Channel RX Packets counter

This counter reflects the number of invalid received packets in a secure channel.

Valid Secure Channel RX Packets counter

This counter reflects the number of valid received packets in a secure channel. Indicates the number of octets of plain text recovered from received packets that were integrity protected and encrypted.

Secure Channel installed RX SAKs count

This counter reflects the number of SAKs that are installed in RX security channel.

Valid Secure Channel RX Packets counter

This counter reflects the number of valid received packets in a secure channel. Indicates the summation of counter /macsec/rx-sa/ok-packets information for all the SAs which belong to this SC.

Secure Channel Identifier

Every Receive Channel is uniquely identified using this field.

Secure Channel Authenticated only TX Packets counter

This counter reflects the number of authenticated only transmitted packets in a secure channel.

Secure Channel Encrypted TX Packets counter

This counter reflects the number of encrypted and authenticated transmitted packets in a secure channel.

Secure Channel Authenticated only TX octets counter

This counter reflects the number of authenticated only transmitted octets in a secure channel.

Secure Channel Encrypted TX octets counter

This counter reflects the number of encrypted and authenticated transmitted octets in a secure channel.

Secure Channel installed TX SAKs count

This counter reflects the number of SAKs that are installed in TX security channel.

Secure Channel Identifier

Every Transmit Channel is uniquely identified using this field.

MACsec interface level Receive Bad Tag Packets counter

This counter will increment if MACsec is enabled on interface and incoming packet has incorrect MACsec tag.

MACsec interface level Receive No SCI Packets counter

This counter will increment if MACsec is enabled on interface and incoming packet does not have SCI field in MACsec tag.

MACsec interface level Receive Unknown SCI Packets counter

This counter will increment if MACsec is enabled on the interface and SCI present in the MACsec tag of the incoming packet does not match any SCI present in ingress SCI table.

MACsec interface level Receive untagged Packets counter

This counter will increment if MACsec is enabled on interface and the incoming packet does not have MACsec tag.

Indicates the number of transmitted packets discarded because of long lenght

The packet length is greater than the Maximum Transmission Unit (MTU) of the Ethernet physical interface.

MACsec interface level Transmit untagged Packets counter

This counter will increment if MACsec is enabled on interface and the outgoing packet is not tagged with MACsec header.

Enable mka policy

While MKA policy is enabled no policy parameters can be configured or modified.

• enable

• disable

• no-tag

  Do not put any tags into clear

• single-tag

  Put 4 bytes after the MAC header into clear

• double-tag

  Put 8 bytes after the MAC header into clear