view port-security disabled port

Unanswered Question
Dec 14th, 2011

Hi, I have a lot of Cisco Catalyst switches, and I need to find out which switch has ports with the port-security feature disabled.

I have the command show port-security, but it only shows me ports with the port-security feature enabled, and I need the opposite info. Maybe someone knows how to view a table of ports without port security?


Leo Laohoo Wed, 12/14/2011 - 00:50

sh interface status err-disabled

Krasnoperov Wed, 12/14/2011 - 01:12

Thanks, but I think you don't understand my question. Your command just shows err-disabled ports, but everything is OK with the ports; they are in a working state, and no violation has happened for now. Let me explain with an example. I have two ports in my config:

interface FastEthernet0/2
 switchport mode access
 switchport block multicast
 switchport block unicast
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 storm-control broadcast level 5.00 4.00
 storm-control multicast level 5.00 4.00
 storm-control action trap

interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
 storm-control broadcast level 5.00 4.00
 storm-control multicast level 5.00 4.00
 storm-control action trap

On interface 0/2 I have the command

switchport port-security

It means my port is secure.

On interface 0/3 I don't have this command.

It means it's unsecure.

So I need some show...bla-bla-bla written in one line to see ONLY unsecure interfaces.

hobbe Thu, 03/15/2012 - 06:01


Is this good enough?

sh ru | i (interface|port-security)


sh ru | i (interface|violation)

This will still give you all ports, but it will also tell you which are configured and which are not configured.

interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
 switchport port-security violation restrict
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10

As you can see here, Gig1/0/8 is configured; the others are not, since they have no row of switchport port-security beneath them.

This sh ru will pick out any line with "interface" and any line with "port-security" (or "violation").

Good luck


Krasnoperov Thu, 03/15/2012 - 06:21

Thanks, but these commands just show the interface number and lines with %port-security%. In your example it doesn't mean that the interface is configured for port security, because only an interface with \switchport port-security\ and nothing after that is secured, for example:

(non secured)

sh run int g1/0/8

interface GigabitEthernet1/0/8
 switchport port-security violation restrict

sh run int g1/0/8

interface GigabitEthernet1/0/8
 switchport port-security
 switchport port-security violation restrict

How can just interface with this?

hobbe Thu, 03/15/2012 - 06:27


If you use the word port-security instead of violation then it will show you just that.

sh ru | i (interface|port-security)

It will still give you all the rest but it will give you the line with port-security only.

So you will be able to tell if it is connected or not.

michaelillgen Thu, 03/15/2012 - 06:30


Thank you very much. You pointed me in the right direction.


Can you try this command?

sh ru | i (interface|port-security$)

cadet alain Wed, 12/14/2011 - 00:54


sh run | exc port-security



Krasnoperov Wed, 12/14/2011 - 01:15

Nope, it just shows ALL lines (not just the interface sections) in my config WITHOUT the port-security lines, and I see all interfaces with & without port security.

Beetlejuice01 Wed, 12/14/2011 - 02:14

So you want to see which ports are not configured with the port-security command... I don't think it's possible... it is faster to do a show run and use the find function. But maybe I'm wrong... I had thought of the same solution that Cadet suggested, but if it doesn't work I've no idea...

cadet alain Wed, 12/14/2011 - 03:03


I've got no switch here to verify but you could try sh run interface | exc port-security



JohnTylerPearce Wed, 12/14/2011 - 05:54

I just tested that, cadet. If you do that, it will show all the interfaces but just excluding the port-security configuration statements. I was not able to get a single command to do this, but you can modify the following one.

show port-security interface gi0/1 | i Port Security|Disabled

This will show you if the port has port security enabled or disabled.

You can just modify each statement if you want. Personally I would just do a show run, but to each his own.

Hope that helped.

Krasnoperov Sun, 12/18/2011 - 23:48

Thanks, but it's only for 1 port, and I need to view all ports, so I need to do this command for each.

Krasnoperov Sun, 12/18/2011 - 23:49

sh run interface

% Incomplete command.

So I need to define just one interface in this command, and I need to view all ports, so I need to do this command for each.

JohnTylerPearce Mon, 12/19/2011 - 04:34

You could set up a macro to do this for you actually....

michaelillgen Thu, 03/15/2012 - 03:43


Have you found a solution for your problem? I would like to see all the ports which have no 802.1x authentication enabled too. But unfortunately I have no idea how to do this.

Krasnoperov Thu, 03/15/2012 - 04:53

Nope, unfortunately. But as far as I know, this should be done with TCL, but I'm not a coder person...
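Added example, not part of the original thread and not posted by any participant: an offline check over a saved running-config that lists the Ethernet ports lacking the bare "switchport port-security" line, the same distinction the "port-security$" filter in the thread makes. The sample config is constructed, the function names are hypothetical, and skipping trunk ports and non-Ethernet interfaces is an assumption of this sketch.

```python
import re

# Constructed sample, modelled on the interface configs quoted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
!
interface GigabitEthernet1/0/8
 switchport port-security violation restrict
!
interface GigabitEthernet1/0/24
 switchport mode trunk
!
interface Vlan1
 no ip address
!
"""

IFACE_RE = re.compile(r"^interface (\S+)$")

def parse_interfaces(config_text):
    """Map each interface name to the list of its sub-commands."""
    interfaces, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        match = IFACE_RE.match(line)
        if match:
            current = interfaces.setdefault(match.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the section
    return interfaces

def ports_without_port_security(config_text):
    """Ethernet ports lacking the bare enabling line (whole-line match)."""
    # Assumption: trunks and non-Ethernet interfaces (SVIs etc.) are out of scope.
    return [name for name, cmds in parse_interfaces(config_text).items()
            if "Ethernet" in name and "switchport mode trunk" not in cmds
            and "switchport port-security" not in cmds]

if __name__ == "__main__":
    print("\n".join(ports_without_port_security(SAMPLE_CONFIG)))
```

Because the comparison is against the whole sub-command, a port that carries only "switchport port-security maximum 2" or "switchport port-security violation restrict" is still reported as not enabled.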



This Discussion

Posted December 14, 2011 at 12:44 AM
Replies:16 Overall Rating:5
Views:2197 Votes:0
Tags: No tags.
