show port security

Displays the port security information.

Syntax

show port security [ ethernet stack/slot/port [ restricted-macs ] ]

show port security mac [ ethernet stack/slot/port | unit stack-unit-num ]

show port security statistics [ ethernet stack/slot/port | unit stack-unit-num [ brief ] ]

Parameters

ethernet stack/slot/port: Specified Ethernet interface.
restricted-macs: Displays information about restricted MAC addresses on the specified port.
mac: Displays secure MAC addresses configured on a device.
unit stack-unit-num: Specifies the stack unit number.
statistics: Displays port security statistics.
brief: Displays brief information.

Modes

User EXEC mode

Privileged EXEC mode

Global configuration mode

Port security configuration mode

Port security interface configuration mode

Usage Guidelines

The show port security command without any options displays the port security settings for all the ports.

Command Output

The show port security ethernet command displays the following information:

Output field	Description
Port	The slot and port number of the interface.
Security	Whether port security has been enabled on the interface.
Violation	The action to be undertaken when a security violation occurs, either "shutdown" or "restrict".
Shutdown-Time	The number of seconds a port is shut down following a security violation, if the port is set to "shutdown" when a violation occurs.
Age-Time	The amount of time, in minutes, MAC addresses learned on the port will remain secure.
Max-MAC	The maximum number of secure MAC addresses that can be learned on the interface.

The show port security mac command displays the following information:

Output field	Description
Port	The slot and port number of the interface.
Num-Addr	The number of MAC addresses secured on this interface.
Secure-Src-Addr	The secure MAC address.
Resource	Whether the address was secured using a local or global resource.
Age-Left	The number of minutes the MAC address will remain secure.
Shutdown/Time-Left	Whether the interface has been shut down due to a security violation and the number of seconds before it is enabled again.

NOTE

After every switchover or failover, the MAC "Age-Left" timer is reset to start because it is not synchronized between the master and the standby stack unit.

The show port security statistics command displays the following information:

Output field	Description
Port	The slot and port number of the interface.
Total-Addrs	The total number of secure MAC addresses on the interface.
Maximum-Addrs	The maximum number of secure MAC addresses on the interface.
Violation	The number of security violations on the port.
Shutdown/Time-Left	Whether the port has been shut down due to a security violation and the number of seconds before it is enabled again.

Examples

The following example displays the port security settings for port 1/1/1.

device# show port security ethernet 1/1/1
Port  Security Violation Shutdown-Time Age-Time  Max-MAC
----- -------- --------- ------------- --------- -------
1/1/1 disabled shutdown   10             10        1

The following example shows the list of secure MAC addresses configured on the device.

device# show port security mac
Port   Num-Addr  Secure-Src-Addr  Resource  Age-Left  Shutdown/Time-Left
-----  --------  ---------------  --------  --------- ------------------
1/1/1   1        0000.018.747c     Local     10          no

The following example displays port security statistics for interface 1/1/1.

device# show port security statistics ethernet 1/1/1
Port   Total-Addrs Maximum-Addrs Violation Shutdown/Time-Left
-----  ----------- ------------- --------- ------------------
1/1/1   1          1               0          no

Contents