
Cisco 3750G: do switchport security defaults show up?

Deathmage Banned Posts: 2,496
Hey guys,

So I'm doing the following on the Cisco 3750G.

I know I remember learning that the default switchport port-security violation is shutdown. So if I set the port range to shutdown on violation does it by default not show up? - I'm leaning towards a yes, but I figured I'd ask since I'm curious.

Note: forgive my laziness, I press Tab a lot to autofill lines. ;)


Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#show config | begin inter
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/4
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/5
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/6
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/7
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/8
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/9
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/10
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/11
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/12
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
!
interface GigabitEthernet1/0/15

Cisco-3750G-Top#config t
Enter configuration commands, one per line. End with CNTL/Z.
Cisco-3750G-Top(config)#inter range giga1/0/3 - 12
Cisco-3750G-Top(config-if-range)#switch
Cisco-3750G-Top(config-if-range)#switchport port
Cisco-3750G-Top(config-if-range)#switchport port-security vio
Cisco-3750G-Top(config-if-range)#switchport port-security violation ?
protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode

Cisco-3750G-Top(config-if-range)#switchport port-security violation shut
Cisco-3750G-Top(config-if-range)#switchport port-security violation shutdown
Cisco-3750G-Top(config-if-range)#exit
Cisco-3750G-Top(config)#exit
Cisco-3750G-Top#wr
00:50:04: %SYS-5-CONFIG_I: Configured from console by console mwem
Cisco-3750G-Top#wr mem
Building configuration...
[OK]
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#
Cisco-3750G-Top#show config | begin inter
vlan internal allocation policy ascending
!
!
!
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/4
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/5
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/6
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/7
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/8
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/9
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/10
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/11
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/12
description "VMware Lab Live Network"
switchport mode access
switchport port-security maximum 2
switchport port-security
switchport port-security aging time 500
switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/13
!
interface GigabitEthernet1/0/14
--More--

Comments

  • HAMP Member Posts: 163
    To see what type of violation is set, type

    # Show Port-security

    I don't think the default information will show up in 'Show run' or even in the 'show run int', but it will with 'Show port-security'.
  • Deathmage Banned Posts: 2,496
    Ya if I do a 'show port-security interface gigabit1/0/1 through 2/24/2' it works fine. But only individually.

    Wish it showed up in the running/startup config.
  • HAMP Member Posts: 163
    Deathmage wrote: »
    Ya if I do a 'show port-security interface gigabit1/0/1 through 2/24/2' it works fine. But only individually.

    Wish it showed up in the running/startup config.

    Only use:
    # Show port-security

    It will show you a list of all interfaces with the individual violation each is set to. Only add 'interface' at the end of that command to get details per interface. To get the information you want to see as if you typed sho run, simply use 'Show port-security'.

    But,

    When you do a 'sho run', you see everything except the default violation, while the other two (restrict or protect) will show; you can always, and should, verify with a 'show port-security'.
  • Deathmage Banned Posts: 2,496
    HAMP wrote: »
    Only use:
    # Show port-security

    It will show you a list of all interfaces with the individual violation each is set to. Only add 'interface' at the end of that command to get details per interface. To get the information you want to see as if you typed sho run, simply use 'Show port-security'.

    But,

    When you do a 'sho run', you see everything except the default violation, while the other two (restrict or protect) will show; you can always, and should, verify with a 'show port-security'.

    Kudos. :)
  • mikeybinec Member Posts: 484
    sh port sec int fa0/0 (for example)
    Cisco NetAcad Cuyamaca College
    A.S. LAN Management 2010 Grossmont College
    B.S. I.T. Management 2013 National University
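
An added example, not part of the original thread: a small Python audit that reads saved `show config` text and fills in the violation mode the config omits when it is the default (shutdown, as discussed above), so every secured port can be reviewed in one pass. The sample config is constructed in the layout of the output above; the GigabitEthernet1/0/13 entry, the `effective_port_security` name and the default maximum of 1 are assumptions of this example, not values from the thread.

```python
import re

# Constructed sample in the layout of the thread's "show config" output.
# GigabitEthernet1/0/13 with "violation restrict" is invented for contrast.
SAMPLE_CONFIG = """\
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/0/3
 switchport mode access
 switchport port-security maximum 2
 switchport port-security
 switchport port-security aging time 500
 switchport port-security mac-address sticky
!
interface GigabitEthernet1/0/13
 switchport port-security
 switchport port-security violation restrict
!
"""

# Assumed IOS defaults; they are omitted from the config when left unchanged.
DEFAULTS = {"violation": "shutdown", "maximum": 1}

def effective_port_security(config_text):
    """Map each port-security-enabled interface to its effective settings."""
    blocks, current = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None          # "!" closes the interface block
        elif current is not None:
            current.append(line)
    result = {}
    for name, lines in blocks.items():
        if "switchport port-security" not in lines:
            continue                # feature itself is not enabled on this port
        eff = dict(DEFAULTS, violation_explicit=False)
        for line in lines:
            m = re.match(r"switchport port-security (violation|maximum) (\w+)$", line)
            if m and m.group(1) == "violation":
                eff.update(violation=m.group(2), violation_explicit=True)
            elif m:
                eff["maximum"] = int(m.group(2))
        result[name] = eff
    return result
```

Ports where `violation_explicit` is False are the ones whose mode will not appear in the saved config and should be confirmed with 'show port-security' on the switch.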