Viewing

Displaying port security settings

Syntax

show port-security

show port-security port number

show port-security [ port number- port number ] . . . [,port number]

The CLI uses the same command to provide two types of port security listings:

  • All ports on the switch with their Learn Mode and (alarm) Action

  • Only the specified ports with their Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses

Without port parameters,show port-security displays Operating Control settings for all ports on a switch.

Port security listing (ports A7 and A8 show the default setting)

With port numbers included in the command, show port-security displays Learn Mode, Address Limit, (alarm) Action, and Authorized Addresses for the specified ports on a switch. The following example lists the full port security configuration for a single port:

The port security configuration display for a single port

The next example shows the option for entering a range of ports, including a series of non-contiguous ports. Note that no spaces are allowed in the port number portion of the command string:

switch(config)# show port-security A1-A3,A6,A8

Displaying ARP Packet Statistics

To display statistics about forwarded ARP packets, dropped ARP packets, MAC validation failure, and IP validation failures, enter the show arp-protect statistics <vid-range>command:

Show arp-protect statistics Command

Monitoring Dynamic ARP Protection

When dynamic ARP protection is enabled, you can monitor and troubleshoot the validation of ARP packets with the debug arp-protect command. Use this command when you want to debug the following conditions:

  • The switch is dropping valid ARP packets that should be allowed.

  • The switch is allowing invalid ARP packets that should be dropped.

Debug arp-protect command

Debug arp-protect command

Listing authorized and detected MAC addresses

Syntax

show mac-address [ port-list | mac-address | vlan vid]

Without an optional parameter, show mac-address lists the authorized MAC addresses that the switch detects on all ports.

mac-address

Lists the specified MAC address with the port on which it is detected as an authorized address.

port list

Lists the authorized MAC addresses detected on the specified ports.

vlan <vid>

Lists the authorized MAC addresses detected on ports belonging to the specified VLAN.

Show mac-address outputs

Viewing the current instrumentation monitor configuration

The show instrumentation monitor configuration command displays the configured thresholds for monitored parameters.

Viewing the instrumentation monitor configuration

An alternate method of determining the current Instrumentation Monitor configuration is to use the show run command. However, the show run command output does not display the threshold values for each limit set.