12-14-2011 12:44 AM - edited 03-07-2019 03:53 AM
Hi, I have a lot of Cisco Catalyst switches, and I need to find out which switch has a port with the port-security feature disabled.
I have the command show port-security, but it only shows me the ports with port-security enabled, and I need the opposite info. Maybe someone knows how to view a table of ports without port security?
thanks
12-14-2011 12:50 AM
sh interface status err-disabled
12-14-2011 01:12 AM
Thanks, but I think you don't understand my question. Your command just shows err-disabled ports, but everything is OK with my ports; they are in a working state, and no violation has happened so far. Let me explain with an example. I have two ports in my config:
interface FastEthernet0/2
switchport mode access
switchport block multicast
switchport block unicast
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
storm-control broadcast level 5.00 4.00
storm-control multicast level 5.00 4.00
storm-control action trap
!
interface FastEthernet0/3
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 5.00 4.00
storm-control multicast level 5.00 4.00
storm-control action trap
On interface 0/2 I have the command
switchport port-security
which means my port is secure.
On interface 0/3 I don't have this command,
which means it's unsecure.
So I need some show...bla-bla-bla written in one line to see ONLY the unsecure interfaces.
03-15-2012 06:01 AM
Hi
Is this good enough ?
sh ru | i (interface|port-security)
or
sh ru | i (interface|violation)
This will still give you all ports, but it will also tell you which are configured and which are not configured.
interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
switchport port-security violation restrict
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10
As you can see here, Gig1/0/8 is configured; the others are not, since they have no row of switchport port-security beneath them.
This sh ru will pick out any line with "interface" and any line with "port-security" (or "violation").
Good luck
HTH
03-15-2012 06:21 AM
Thanks, but these commands just show the interface number and lines with %port-security%. In your example it doesn't mean that the interface is configured for port security, because only an interface with "switchport port-security" and nothing after that is secured, for example:
(non secured)
sh run int g1/0/8
!
interface GigabitEthernet1/0/8
switchport port-security violation restrict
(secured)
sh run int g1/0/8
!
interface GigabitEthernet1/0/8
switchport port-security
switchport port-security violation restrict
How can just interface with this?
03-15-2012 06:27 AM
Hi
If you use the word port-security instead of violation then it will show you just that.
sh ru | i (interface|port-security)
It will still give you all the rest but it will give you the line with port-security only.
So you will be able to tell if it is connected or not.
03-15-2012 06:30 AM
@hobbe:
Thank you very much. You pointed me in the right direction.
@Krasnoperov
Can you try this command?
sh ru | i (interface|port-security$)
12-14-2011 12:54 AM
Hi,
sh run | exc port-security
Regards.
Alain
12-14-2011 01:15 AM
Nope, it just shows ALL lines in my config (not just the interface section) WITHOUT the port-security lines, and I see all interfaces with and without port security.
12-14-2011 02:14 AM
So you want to see which ports are not configured with the port-security command... I don't think it's possible... it is faster to do a show run and use the find function. But maybe I'm wrong... I had thought of the same solution that Cadet suggested, but if it doesn't work I have no idea...
12-14-2011 03:03 AM
Hi,
I've got no switch here to verify but you could try sh run interface | exc port-security
Regards.
Alain.
12-14-2011 05:54 AM
I just tested that, cadet. If you do that, it will show all the interfaces but just exclude the port-security configuration statements. I was not able to get a single command to do this, but you can modify the following one.
show port-security interface gi0/1 | i Port Security|Disabled
This will show you if the port has port security enabled or disabled.
You can just modify each statement if you want. Personally I would just do a show run, but to each his own.
Hope that helped.
12-18-2011 11:48 PM
Thanks, but it's only for 1 port, and I need to view all ports, so I need to run this command for each one.
12-18-2011 11:49 PM
sh run interface
% Incomplete command.
So I need to define just one interface in this command, and I need to view all ports, so I need to run this command for each one.
12-19-2011 04:34 AM
You could setup a macro to do this for you actually....
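An offline way to produce the list asked for in this thread, as an added example that is not from any of the posters: it groups a saved running-config into interface stanzas and reports the ports that lack the bare `switchport port-security` line, so a stanza holding only `violation` or `maximum` sub-options counts as unsecured. The function names and the sample config are constructed; it assumes the usual one-space indentation of `show running-config` output and that only (Fast|Gigabit|TenGigabit)Ethernet ports are of interest.

```python
import re

# Constructed sample; stanzas adapted from the configs quoted in this thread.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 2
!
interface GigabitEthernet1/0/8
 switchport port-security violation restrict
!
interface Vlan1
!
"""

IFACE_RE = re.compile(r"^interface\s+(\S+)\s*$")
# Only the bare command enables the feature; sub-option lines alone do not.
ENABLE_RE = re.compile(r"^\s+switchport port-security\s*$")
# Assumption: only physical Ethernet ports are audited (no Vlan/Port-channel).
PHYSICAL_RE = re.compile(r"^(Fast|Gigabit|TenGigabit)?Ethernet", re.I)


def parse_interfaces(config_text):
    """Return {interface name: [stanza lines]} from running-config text."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line)
        else:
            current = None  # "!" or a top-level command ends the stanza
    return stanzas


def ports_without_port_security(config_text):
    """Physical Ethernet ports whose stanza lacks the bare enabling line."""
    return [name for name, lines in parse_interfaces(config_text).items()
            if PHYSICAL_RE.match(name)
            and not any(ENABLE_RE.match(l) for l in lines)]


if __name__ == "__main__":
    print("\n".join(ports_without_port_security(SAMPLE_CONFIG)))
```

Running it over configs collected from every switch gives one report of unsecured ports per device, without issuing a per-interface show command.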