display port-security
Syntax
display port-security [ interface interface-list ] [ | { begin | exclude | include } regular-expression ]
View
Any view
Default level
2: System level
Parameters
interface interface-list: Specifies Ethernet ports by an Ethernet port list in the format of { interface-type interface-number [ to interface-type interface-number ] }&<1-10>, where &<1-10> means that you can specify up to 10 ports or port ranges. The starting port and ending port of a port range must be of the same type, and the ending port number must be greater than the starting port number.
|: Filters command output by specifying a regular expression. For more information about regular expressions, see Fundamentals Configuration Guide.
begin: Displays the first line that matches the specified regular expression and all lines that follow.
exclude: Displays all lines that do not match the specified regular expression.
include: Displays all lines that match the specified regular expression.
regular-expression: Specifies a regular expression, a case-sensitive string of 1 to 256 characters.
Description
Use display port-security to display port security configuration information, operation information, and statistics for one or more ports.
If the interface interface-list parameter is not provided, the command displays port security information, operation information, and status about all ports.
Related commands: port-security enable, port-security port-mode, port-security ntk-mode, port-security intrusion-mode, port-security max-mac-count, port-security mac-address security, port-security authorization ignore, port-security oui, and port-security trap.
Examples
# Display port security configuration information, operation information, and statistics for all ports.
<Sysname> display port-security
 Equipment port-security is enabled
 AddressLearn trap is enabled
 Intrusion trap is enabled
 Dot1x logon trap is enabled
 Dot1x logoff trap is enabled
 Dot1x logfailure trap is enabled
 RALM logon trap is enabled
 RALM logoff trap is enabled
 RALM logfailure trap is enabled
 AutoLearn aging time is 1 minutes
 Disableport Timeout: 20s
 OUI value:
   Index is 1, OUI value is 000d1a
   Index is 2, OUI value is 003c12
 Ethernet1/0/1 is link-down
   Port mode is userLoginWithOUI
   NeedToKnow mode is NeedToKnowOnly
   Intrusion Portection mode is DisablePort
   Max MAC address number is 50
   Stored MAC address number is 0
   Authorization is ignored
   Security MAC address learning mode is sticky
   Security MAC address aging type is absolute
 Ethernet1/0/2 is link-down
   Port mode is noRestriction
   NeedToKnow mode is disabled
   Intrusion mode is NoAction
   Max MAC address number is not configured
   Stored MAC address number is 0
   Authorization is permitted
   Security MAC address learning mode is sticky
   Security MAC address aging type is absolute
Table 22: Command output
Field | Description |
---|---|
Equipment port-security | Whether the port security is enabled or not. |
AddressLearn trap | Whether trapping for MAC address learning is enabled or not. If it is enabled, the port sends trap information after it learns a new MAC address. |
Intrusion trap | Whether trapping for intrusion protection is enabled or not. If it is enabled, the port sends trap information after it detects illegal packets. |
Dot1x logon trap | Whether trapping for 802.1X logon is enabled or not. If it is enabled, the port sends trap information after a user passes 802.1X authentication. |
Dot1x logoff trap | Whether trapping for 802.1X logoff is enabled or not. If it is enabled, the port sends trap information after an 802.1X user logs off. |
Dot1x logfailure trap | Whether trapping for 802.1X authentication failure is enabled or not. If it is enabled, the port sends trap information after a user fails 802.1X authentication. |
RALM logon trap | Whether trapping for MAC authentication success is enabled or not. If it is enabled, the port sends trap information when a user passes MAC address authentication. |
RALM logoff trap | Whether trapping for MAC authenticated user logoff is enabled or not. If it is enabled, traps are sent when a MAC address authenticated user logs off. |
RALM logfailure trap | Whether trapping for MAC authentication failure is enabled or not. If it is enabled, the port sends trap information when a user fails MAC address authentication. |
AutoLearn aging time | Secure MAC aging timer. The timer applies to sticky or dynamic secure MAC addresses. |
Disableport Timeout | Silence timeout period of the port that receives illegal packets, in seconds. |
OUI value | List of OUI values allowed. |
Port mode | Port security mode: |
NeedToKnow mode | Need to know (NTK) mode: |
Intrusion mode | Intrusion protection action mode: |
Max MAC address number | Maximum number of MAC addresses that port security allows on the port. |
Stored MAC address number | Number of MAC addresses stored. |
Authorization | Whether the authorization information from the server is ignored or not: |
Security MAC address learning mode | Secure MAC address learning mode: |
Security MAC address aging type | Secure MAC address aging type: |
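The fields in the table above can be checked automatically when reviewing many switches. The following is an added example, not vendor code: it parses captured `display port-security` output and flags ports whose settings leave port security ineffective. The function names and the policy itself (treating `noRestriction`, `NoAction`, and an unconfigured MAC limit as findings) are assumptions of this example.

```python
import re

# Constructed sample: a subset of the example output above, one field per line.
SAMPLE = """\
 Equipment port-security is enabled
 Ethernet1/0/1 is link-down
   Port mode is userLoginWithOUI
   Intrusion Portection mode is DisablePort
   Max MAC address number is 50
 Ethernet1/0/2 is link-down
   Port mode is noRestriction
   Intrusion mode is NoAction
   Max MAC address number is not configured
"""

PORT_RE = re.compile(r"^(\S+\d+/\d+/\d+) is (link-\w+)$")  # per-port header line
FIELD_RE = re.compile(r"^(.+?) is (.+)$")                  # "<field> is <value>"

def parse(text):
    """Return (global_fields, {port: fields}) from display port-security output."""
    globals_, ports, current = {}, {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = PORT_RE.match(line)
        if m:
            current = ports.setdefault(m.group(1), {"link": m.group(2)})
            continue
        m = FIELD_RE.match(line)
        if m:
            # The output uses "Intrusion Portection mode" on some ports; normalise the key.
            key = m.group(1).replace("Intrusion Portection mode", "Intrusion mode")
            (current if current is not None else globals_)[key] = m.group(2)
    return globals_, ports

def audit(text):
    """Flag weak settings (this example's policy, not a vendor rule)."""
    globals_, ports = parse(text)
    findings = []
    if globals_.get("Equipment port-security") != "enabled":
        findings.append(("global", "port security is not enabled"))
    for name, f in ports.items():
        if f.get("Port mode") == "noRestriction":
            findings.append((name, "port mode is noRestriction"))
        if f.get("Intrusion mode") == "NoAction":
            findings.append((name, "no intrusion protection action"))
        if f.get("Max MAC address number") == "not configured":
            findings.append((name, "no MAC address limit"))
    return findings
```

Run `audit()` on output saved from each device; lines without an `is` separator, such as `Disableport Timeout: 20s`, are skipped by this parser.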