TheLink circuit infosection displays the following information:
Google circuit ID:the name of the link circuit.
Link state:the LACP member link's physical state displays acheck_circleCheckandActiveto indicate that the LACP member link is up.
MACsec key name:the field is empty when MACsec is disabled.
Receiving optical power:acheck_circlecheckindicates an
acceptable connection. The optical light level that the physical
interface detects from the remote transmitter is displayed indBm.
Transmitting optical power:acheck_circlecheckindicates an
acceptable connection and the optical light level that the physical
interface is transmitting to the remote receiver is displayed in dBm.
MACsec configurationdisplaysDisabledto indicate that MACsec
encryption is disabled on the link.
gcloud
To verify your Cloud Interconnect MACsec configuration, run the
following command:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Disable MACsec\n\nThis page describes how to disable MACsec for Cloud Interconnect.\n\nYou can disable MACsec, which can be useful when troubleshooting your\nconnection.\n| **Important:** When you disable MACsec on your Cloud Interconnect connection, the connection temporarily experiences packet loss. To avoid disruption to your connectivity, verify that there is no traffic on your Cloud Interconnect VLAN attachments before disabling MACsec for Cloud Interconnect.\n\nDisable MACsec for Cloud Interconnect\n-------------------------------------\n\nSelect one of the following options: \n\n### Console\n\n1. In the Google Cloud console, go to the Cloud Interconnect **Physical\n connections** tab.\n\n [Go to Physical connections](https://console.cloud.google.com/hybrid/interconnects/list?tab=interconnects)\n2. Select the connection that you want to modify.\n\n3. On the **MACsec** tab, click **Disable**.\n\n In the confirmation dialog, read the message, and then click **Confirm**\n to confirm that you want to disable MACsec, or **Cancel** to cancel.\n\n### gcloud\n\nTo disable MACsec for Cloud Interconnect, run the following command: \n\n gcloud compute interconnects macsec update \u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e \\\n --no-enabled\n\nReplace \u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e with the name of your\nCloud Interconnect connection.\n\nVerify MACsec configuration\n---------------------------\n\nSelect one of the following options: \n\n### Console\n\n1. In the Google Cloud console, go to the Cloud Interconnect **Physical\n connections** tab.\n\n [Go to Physical connections](https://console.cloud.google.com/hybrid/interconnects/list?tab=interconnects)\n2. Select the connection that you want to view.\n\n3. The **Link circuit info** section displays the following information:\n\n - **Google circuit ID:** the name of the link circuit.\n\n - **Link state:** the LACP member link's physical state displays a check_circle\n **Check** and **Active** to indicate that the LACP member link is up.\n\n - **MACsec key name:** the field is empty when MACsec is disabled.\n\n - **Receiving optical power:** a check_circle**check** indicates an\n acceptable connection. The optical light level that the physical\n interface detects from the remote transmitter is displayed in\n [dBm](https://en.wikipedia.org/wiki/DBm).\n\n - **Transmitting optical power:** a check_circle**check** indicates an\n acceptable connection and the optical light level that the physical\n interface is transmitting to the remote receiver is displayed in dBm.\n\n4. **MACsec configuration** displays **Disabled** to indicate that MACsec\n encryption is disabled on the link.\n\n### gcloud\n\nTo verify your Cloud Interconnect MACsec configuration, run the\nfollowing command: \n\n gcloud compute interconnects describe \u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e\n\nThe output is similar to the following: \n\n adminEnabled: true\n availableFeatures:\n - IF_MACSEC\n circuitInfos:\n - customerDemarcId: fake-peer-demarc-0\n googleCircuitId: LOOP-0\n googleDemarcId: fake-local-demarc-0\n creationTimestamp: '2021-10-05T03:39:33.888-07:00'\n customerName: Fake Company\n description: something important\n googleReferenceId: '123456789'\n id: '12345678987654321'\n interconnectAttachments:\n - https://www.googleapis.com/compute/v1/projects/my-project1/regions/us-central1/interconnectAttachments/interconnect-123456-987654321-0\n interconnectType: IT_PRIVATE\n kind: compute#interconnect\n labelFingerprint: 12H17262736_\n linkType: LINK_TYPE_ETHERNET_10G_LR\n location: https://www.googleapis.com/compute/v1/projects/my-project1/global/interconnectLocations/cbf-zone2-65012\n macsec:\n failOpen: false\n preSharedKeys:\n - name: key1\n startTime: 2023-07-01T21:00:01.000Z\n macsecEnabled: false\n name: \u003cvar translate=\"no\"\u003e\u003cspan class=\"devsite-syntax-l devsite-syntax-l-Scalar devsite-syntax-l-Scalar-Plain\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/span\u003e\u003c/var\u003e\n operationalStatus: OS_ACTIVE\n provisionedLinkCount: 1\n requestedFeatures:\n - IF_MACSEC\n requestedLinkCount: 1\n selfLink: https://www.googleapis.com/compute/v1/projects/my-project1/global/interconnects/\u003cvar translate=\"no\"\u003eINTERCONNECT_CONNECTION_NAME\u003c/var\u003e\n selfLinkWithId: https://www.googleapis.com/compute/v1/projects/my-project1/global/interconnects/12345678987654321\n state: ACTIVE\n\nThe following items specify the MACsec connections's configuration:\n\n- **`macsec.failOpen`:** the connection's behavior if\n Cloud Interconnect can't establish an MKA session with your\n router. The value is either of the following:\n\n - **`false`:** if an MKA session can't be established, then\n Cloud Interconnect drops all traffic.\n\n - **`true`:** if an MKA session can't be established, then\n Cloud Interconnect passes unencrypted traffic.\n\n- **`macsec.preSharedKeys.name`:** the list of all pre-shared keys\n configured for Cloud Interconnect on this link.\n\n- **`macsec.preSharedKeys.startTime`:** when the current pre-shared key\n became valid. All keys have infinite validity.\n\n- **`macsecEnabled`:** MACsec status for Cloud Interconnect on this\n link. The value is either of the following:\n\n - **`false`:** MACsec for Cloud Interconnect is off.\n\n - **`true`:** MACsec for Cloud Interconnect is on.\n\nThis command doesn't display MACsec operational status.\n\nWhat's next?\n------------\n\n- [View MACsec status](/network-connectivity/docs/interconnect/how-to/macsec/view-macsec-status)\n- [Rotate MACsec keys](/network-connectivity/docs/interconnect/how-to/macsec/rotate-macsec-keys)"]]
