
view port-security disabled port

Krasnoperov
Level 1

Hi, I have a lot of Cisco Catalyst switches, and I need to find out which switch has ports with the port-security feature disabled.

I have the command show port-security, but it shows me just the ports with the port-security feature enabled, and I need the opposite info. Maybe someone knows how to view a table of ports without port security?

thanks

16 Replies

Leo Laohoo
Hall of Fame

sh interface status err-disabled

Thanks, but I think you don't understand my question. Your command just shows err-disabled ports, but with my ports everything is OK: they are in a working state, and no violation has happened for now. Let me explain with an example. I have two ports in my config:

    interface FastEthernet0/2
     switchport mode access
     switchport block multicast
     switchport block unicast
     switchport port-security
     switchport port-security violation restrict
     switchport port-security mac-address sticky
     storm-control broadcast level 5.00 4.00
     storm-control multicast level 5.00 4.00
     storm-control action trap
    !
    interface FastEthernet0/3
     switchport mode access
     switchport port-security maximum 2
     storm-control broadcast level 5.00 4.00
     storm-control multicast level 5.00 4.00
     storm-control action trap

On interface 0/2 I have the command

    switchport port-security

It means my port is secure.

On interface 0/3 I don't have this command.

It means it's unsecure.

So I need some show ... bla-bla-bla written in one line to see ONLY the unsecure interfaces.

Hi

Is this good enough ?

sh ru | i (interface|port-security)

or

sh ru | i (interface|violation)

This will still give you all ports, but it will also tell you which are configured and which are not configured.

    interface GigabitEthernet1/0/7
    interface GigabitEthernet1/0/8
     switchport port-security violation restrict
    interface GigabitEthernet1/0/9
    interface GigabitEthernet1/0/10

As you can see here, Gig1/0/8 is configured; the others are not, since they have no row of switchport port-security beneath them.

This sh ru will pick out any line with "interface" and any line with "port-security" (or "violation").

Good luck

HTH

Thanks, but these commands just show the interface number and lines with %port-security%. In your example it doesn't mean that the interface is configured for port security, because only an interface with "switchport port-security" and nothing after that is secured, for example:

(non secured)

    sh run int g1/0/8
    !
    interface GigabitEthernet1/0/8
     switchport port-security violation restrict

(secured)

    sh run int g1/0/8
    !
    interface GigabitEthernet1/0/8
     switchport port-security
     switchport port-security violation restrict

How can just interface with this?

Hi

If you use the word port-security instead of violation then it will show you just that.

sh ru | i (interface|port-security)

It will still give you all the rest but it will give you the line with port-security only.

so you will be able to tell if it is connected or not.

@hobbe:

Thank you very much. You pointed me in the right direction.

@Krasnoperov

Can you try this command?

sh ru | i (interface|port-security$)

cadet alain
VIP Alumni

Hi,

sh run | exc port-security

Regards.

Alain

Don't forget to rate helpful posts.

Nope, it just shows ALL lines (not just the interface sections) in my config WITHOUT port-security lines, and I see all interfaces with and without port security.

So you want to see which ports are not configured with the port-security command... I don't think it's possible... It is faster to do a show run and use the find function. But maybe I'm wrong... I thought of the same solution that Cadet suggested, but if it doesn't work I have no idea...

Hi,

I've got no switch here to verify but you could try sh run interface | exc port-security

Regards.

Alain.

Don't forget to rate helpful posts.

I just tested that, cadet. If you do that, it will show all the interfaces, just excluding the port-security configuration statements. I was not able to get a single command to do this, but you can modify the following one.

show port-security interface gi0/1 | i Port Security|Disabled

This will show you if the port has port security enabled or disabled.

You can just modify each statement if you want. Personally I would just do a show run, but to each his own.

Hope that helped.

Thanks, but it's only for 1 port, and I need to view all ports, so I need to do this command for each.

sh run interface

% Incomplete command.

so I need to define just one interface in this command,

and I need to view all ports, so I need to do this command for each

You could set up a macro to do this for you actually....
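An offline way to answer the original question, as an added example that is not part of the thread: save each switch's show running-config output to a file and list the interfaces whose stanza lacks the bare switchport port-security line. The sample config is constructed from the stanzas quoted above; the function names and the choice to report only Ethernet-type interfaces are assumptions of this example.

```python
import re

# Constructed sample, modelled on the interface stanzas quoted in the thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
!
interface GigabitEthernet1/0/8
 switchport port-security violation restrict
!
interface Vlan1
!
"""

# Assumption of this example: only Ethernet-type ports are worth reporting.
PHYSICAL = re.compile(r"^(Fast|Gigabit|TenGigabit)?Ethernet", re.I)


def split_interfaces(config_text):
    """Return {interface name: [sub-command lines]} from a saved running-config."""
    stanzas, current = {}, None
    for raw in config_text.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or any top-level line ends the stanza
    return stanzas


def ports_without_port_security(config_text, physical_only=True):
    """List interfaces lacking the bare 'switchport port-security' enable line."""
    # Exact match only: 'maximum' or 'violation' sub-options alone do not enable it.
    return [name for name, lines in split_interfaces(config_text).items()
            if "switchport port-security" not in lines
            and (PHYSICAL.match(name) or not physical_only)]


if __name__ == "__main__":
    print("\n".join(ports_without_port_security(SAMPLE_CONFIG)))
```

Run over one saved config per switch, this reports trunk and routed Ethernet ports as well, so filter on switchport mode access if only access ports matter.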
