port-security disable-timer

Syntax

port-security <port-numbers> disable-timer <seconds>

Description

Configures the port-security disable timer for the specified port numbers. The timer applies once a port goes to the error-disabled state.

Command context

config

Parameters

port-numbers

Specifies the port numbers. You can configure a single port or range of ports.

seconds

Sets the number of seconds after which disabled ports are automatically re-enabled. The range can be from 0 to 300 seconds.

Types of port-security modes

switch(config)# port-security 1-4
action                  Define the action in case of an intrusion detection.
address-limit           Define number of authorized addresses on the ports.
clear-intrusion-flag    Clear the intrusion indicator for the ports.
disable-timer           Configure number of seconds after which disabled ports 
                        are automatically re-enabled.
eavesdrop-prevention    Enable Eavesdrop Prevention.
learn-mode              Define the mode for acquiring authorized MAC addresses.
mac-address             Configure the addresses authorized on the ports.

How to configure the disable timer:

Configuring the timer as 50 seconds for the port numbers from 1 to 10.

switch(config)# port-security 1-4 disable-timer 50
switch(config)# show port-security 1-4

Port Security

  Port : 1
  Learn Mode [Continuous] : Port-Access
  Action [None] : Send Alarm, Disable Port
  Eavesdrop Prevention [Enabled] : Enabled
  Disable Timer : 50

  Authorized Addresses
  --------------------


  Port : 2
  Learn Mode [Continuous] : Port-Access
  Action [None] : Send Alarm, Disable Port
  Eavesdrop Prevention [Enabled] : Enabled
  Disable Timer : 50

  Authorized Addresses
  --------------------

  Port : 3
  Learn Mode [Continuous] : Port-Access
  Action [None] : Send Alarm, Disable Port
  Eavesdrop Prevention [Enabled] : Enabled
  Disable Timer : 50

  Authorized Addresses
  --------------------


  Port : 4
  Learn Mode [Continuous] : Port-Access
  Action [None] : Send Alarm, Disable Port
  Eavesdrop Prevention [Enabled] : Enabled
  Disable Timer : 50

  Authorized Addresses
  --------------------

To check Intrusion

switch(config)#sh int brief 1-4

 Status and Counters - Port Status

                          | Intrusion                           MDI  Flow Bcast
  Port         Type       | Alert     Enabled Status Mode       Mode Ctrl Limit
  ------------ ---------- + --------- ------- ------ ---------- ---- ---- -----
  1            100/1000T  | Yes        Yes     Up     1000FDx    Auto off  0
  2            100/1000T  | Yes        Yes     Down   1000FDx    Auto off  0
  3            100/1000T  | No         Yes     Up     1000FDx    MDI  off  0
  4            100/1000T  | Yes        Yes     Down   1000FDx    Auto off  0

To check event logs

To check the debug log for port security, enable the debug security port-security command. View the logs in reverse order by using the following command:

switch(config)#sh log -r

Keys: W=Warning I=Information
M=Major D=Debug E=Error

---- Reverse event Log listing: Events Since Boot ----

I 03/11/18 12:31:19 00001 vlan: ST1-CMDR: VLAN10 virtual LAN enabled (122 times
in 60 seconds)

I 03/11/18 12:31:19 00076 ports: ST1-CMDR: port 1/A1 is now on-line

I 03/11/18 12:31:17 03125 mgr: ST1-CMDR: Startup configuration changed by
unknown. New seq. number 186

I 03/11/18 12:31:17 02611 mgr: ST1-CMDR: port-security subsystem saved some
internal change(s) to startup config.

I 03/11/18 12:31:17 05754 fault: ST1-CMDR: port-security disable
timer expired for port:1/A1

I 03/11/18 12:30:27 00002 vlan: ST1-CMDR: VLAN10 virtual LAN disabled
(121 times in 60 seconds)

03/11/18 12:30:27 00077 ports: ST1-CMDR: port 1/A1 is now off-line

I 03/11/18 12:30:27 03125 mgr: ST1-CMDR: Startup configuration changed by
unknown. New seq. number 185

I 03/11/18 12:30:27 02611 mgr: ST1-CMDR: port-security subsystem saved some
internal change(s) to startup config.

W 03/11/18 12:30:26 00334 FFI: ST1-CMDR: Port 1/A1 - Security violation
caused by MAC address 300002-b85107.

I 03/11/18 12:30:26 05753 fault: ST1-CMDR: Port-security
disable timer set for port:1/A1
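
The log above shows one full cycle for port 1/A1: disable timer set, security violation, timer expired. The following Python script is an added example (not part of the switch documentation) that correlates those events per port and reports how long each port stayed disabled. The sample input is constructed from the entries above, unwrapped to one line each, and the MM/DD/YY date format is an assumption.

```python
import re
from datetime import datetime

# Constructed sample: entries from the log above, unwrapped to one line each.
SAMPLE_LOG = """\
I 03/11/18 12:31:19 00076 ports: ST1-CMDR: port 1/A1 is now on-line
I 03/11/18 12:31:17 05754 fault: ST1-CMDR: port-security disable timer expired for port:1/A1
I 03/11/18 12:30:27 00077 ports: ST1-CMDR: port 1/A1 is now off-line
W 03/11/18 12:30:26 00334 FFI: ST1-CMDR: Port 1/A1 - Security violation caused by MAC address 300002-b85107.
I 03/11/18 12:30:26 05753 fault: ST1-CMDR: Port-security disable timer set for port:1/A1
"""

ENTRY = re.compile(r"^[WIMDE] (\d\d/\d\d/\d\d \d\d:\d\d:\d\d) \d{5} \w+: (.*)$")
VIOLATION = re.compile(r"Port (\S+) - Security violation caused by MAC address ([0-9A-Fa-f-]+)")
TIMER = re.compile(r"disable timer (set|expired) for port:(\S+)", re.IGNORECASE)

def parse(log_text):
    """Return (timestamp, message) tuples in chronological order."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY.match(line.strip())
        if m:
            # Assumption: the date field is MM/DD/YY.
            entries.append((datetime.strptime(m.group(1), "%m/%d/%y %H:%M:%S"), m.group(2)))
    # "sh log -r" lists newest first: reverse, then stable-sort by time.
    return sorted(reversed(entries), key=lambda e: e[0])

def disable_cycles(log_text):
    """Pair each 'disable timer set' with its 'expired' event, per port."""
    pending, cycles = {}, []
    for ts, msg in parse(log_text):
        v, t = VIOLATION.search(msg), TIMER.search(msg)
        if v:
            pending.setdefault(v.group(1), {"macs": [], "set_at": None})["macs"].append(v.group(2))
        elif t and t.group(1).lower() == "set":
            pending.setdefault(t.group(2), {"macs": [], "set_at": None})["set_at"] = ts
        elif t:
            cycle = pending.pop(t.group(2), None)
            if cycle and cycle["set_at"]:
                secs = int((ts - cycle["set_at"]).total_seconds())
                cycles.append({"port": t.group(2), "macs": cycle["macs"], "disabled_seconds": secs})
    # Ports left in pending have no expiry event in this log window.
    for port, cycle in pending.items():
        cycles.append({"port": port, "macs": cycle["macs"], "disabled_seconds": None})
    return cycles

if __name__ == "__main__":
    for c in disable_cycles(SAMPLE_LOG):
        print(c)
```

For the sample, port 1/A1 is reported as disabled for 51 seconds, in line with the Disable Timer value of 50 shown by show port-security.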

Supported platforms:

  • 2930F/2930M
  • 2930F VSF
  • 2930M Stack
  • 3810 [Standalone/Stack]
  • 5400R [Standalone/VSF]