Hi, I have a lots of cisco catalyst switches, and I need to find out wich switch has port with port-security feature disabled.
I have a comand show port-security, but it shows me just enabled port-security feature on ports, but I need opposite info, may be someone know how to view port table without port security
thanks
sh interface status err-disabled
thanks but, I think you dont understand my question, your comand just shows err-disabled port, but with ports everything OK, they are int working state, no violation happends for now. let me explain on example, I have two ports in my config
interface FastEthernet0/2
switchport mode access
switchport block multicast
switchport block unicast
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address sticky
storm-control broadcast level 5.00 4.00
storm-control multicast level 5.00 4.00
storm-control action trap
!
interface FastEthernet0/3
switchport mode access
switchport port-security maximum 2
storm-control broadcast level 5.00 4.00
storm-control multicast level 5.00 4.00
storm-control action trap
on interface 0/2 I have a command
switchport port-security
it means my port is secure
on interface 0/3 I dont have this command
it means it's unsecure
so I need to some show...bla-bla-bla writen in one line to see ONLY unsecure interfaces
Hi
Is this good enough ?
sh ru | i (interface|port-security)
or
sh ru | i (interface|violation)
This will still give you all ports but it will also tell you wich are configured and wich is not configured.
interface GigabitEthernet1/0/7
interface GigabitEthernet1/0/8
switchport port-security violation restrict
interface GigabitEthernet1/0/9
interface GigabitEthernet1/0/10
as you can see here Gig1/0/8 is configured the others are not since they have no row of switchport port-security beneath them.
.
This sh ru will pick out any line with "interface" and any line with "port-security" (or "violation)
Good luck
HTH
thanks, but this comands just show interface number and lines with %port-security%, in your example it doesn't mean that
interface configured for port security, because only intrface with \switchport port-security\ and nothing after that is secured, for example:
(non secured)
sh run int g1/0/8
!
interface GigabitEthernet1/0/8
switchport port-security violation restrict
(secured)
sh run int g1/0/8
!
interface GigabitEthernet1/0/8
switchport port-security
switchport port-security violation restrict
How can just interface with this?
Hi
If you use the word port-security instead of violation then it will show you just that.
sh ru | i (interface|port-security)
It will still give you all the rest but it will give you the line with port-security only.
so you will be able to tell if it is connected or not.
@hobbe:
Thank you very much. You point me to the right direction.
@Krasnoperov
Can you try this command?
sh ru | i (interface|port-security$)
Hi,
sh run | exc port-security
Regards.
Alain
nope it's just shows ALL (not just inteface section) line in my config WITHOUT port-security lines, and I see all interfaces with&without portsecurity
So you want to see wich port are not configured with port-security command...I don't think it's possible... it is faster to do a show run and use find function. But maybe i'm wrong... i've thinked same solution who Cadet had suggested but if not work i've no idea...
Hi,
I've got no switch here to verify but you could try sh run interface | exc port-security
Regards.
Alain.
I just tested that cadet, if you do that, it will show all ther interfaces but just excluding the port-security configuration statements. I was not able to get a single command to do this, but you can modify the following one.
show port-security interface gi0/1 | i Port Security|Disabled
This will show you if the port has port security enabled or disabled.
You can just modify each statement if you want. Personally I would
just do a show run, but each his own.
Hope that helped.
thanks but it's only for 1 port, and I need to view all ports, so I need to do this command for each
sh run interface
% Incomplete command.
so I need to define just one interface in this command,
and I need to view all ports, so I need to do this command for each
You could setup a macro to do this for you actually....