Port Security

control Member Posts: 309
If a port is in Restrict mode, is there a way to see if the actual restrict mode has been triggered?

E.g., if I do a show port-security interface xx, would the port status say Restrict? I know the violation mode says Restrict, but I want to know if I can check if it has been triggered or not.

I don't have access to my lab at the moment to check. Also, if I amend the maximum allowed MACs, do I need to shutdown / no shutdown the port for this new change to take effect?

Thanks

Comments

  • Roguetadhg Member Posts: 2,489
    Switch# show port-security
    Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                    (Count)       (Count)          (Count)
    ---------------------------------------------------------------------------
          Fa3/1              2            2                  0         Restrict
          Fa3/2              2            2                  0         Restrict
          Fa3/3              2            2                  0         Shutdown
          Fa3/4              2            2                  0         Shutdown
    
    Switch# show port-security interface fastethernet 5/1
    Port Security              :Enabled
    Port Status                :Secure-up
    Violation Mode             :Restrict
    Aging Time                 :15 mins
    Aging Type                 :Absolute
    SecureStatic Address Aging :Enabled
    Maximum MAC Addresses      :2
    Total MAC Addresses        :2
    Configured MAC Addresses   :2
    Last Source Address        :0000.0000.0401
    Security Violation Count   :0
    

    No. You don't need to shut/no shut the port. It changed automatically for me:
    S2(config-if)#do show port-security int fa0/1
    Port Security              : Enabled
    Port Status                : Secure-down
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 0
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0
    
    
    S2(config-if)#switchport port-security maximum 5
    S2(config-if)#do show port-security int fa0/1
    Port Security              : Enabled
    Port Status                : Secure-down
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 5
    Total MAC Addresses        : 0
    Configured MAC Addresses   : 0
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0
    
    In order to succeed, your desire for success should be greater than your fear of failure.
    TE Threads: How to study for the CCENT/CCNA, Introduction to Cisco Exams
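
Added example, not part of the original thread: in Restrict mode the Port Status stays Secure-up, so the field to watch is the Security Violation Count shown in both outputs above. This Python sketch parses saved output of the two commands and reports which ports have actually triggered; the function names and the sample output are constructed for illustration.

```python
import re

# "Key   : value" lines; the key may itself contain ':' (e.g. "Last Source Address:Vlan")
FIELD = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")
# Summary rows: port, max, current, violation count, action
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(Restrict|Shutdown|Protect)\s*$")

def parse_interface(text):
    """Parse 'show port-security interface X' output into a dict."""
    return {m.group(1): m.group(2)
            for m in map(FIELD.match, text.splitlines()) if m}

def violation_state(fields):
    """Say whether the configured violation mode has actually fired."""
    count = int(fields.get("Security Violation Count", "0"))
    mode = fields.get("Violation Mode", "unknown")
    status = fields.get("Port Status", "unknown")
    if status.lower() == "secure-shutdown":
        return "shutdown triggered, port is err-disabled"
    if count > 0:
        return f"{mode} triggered {count} time(s), port status still {status}"
    return "not triggered"

def ports_with_violations(summary):
    """From 'show port-security' output, return {port: (count, action)} where count > 0."""
    hits = {}
    for m in filter(None, map(ROW.match, summary.splitlines())):
        if int(m.group(4)) > 0:
            hits[m.group(1)] = (int(m.group(4)), m.group(5))
    return hits

# Constructed sample output (not captured from a real switch)
SAMPLE_IF = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Last Source Address:Vlan   : 0000.0000.0403:1
Security Violation Count   : 3
"""
SAMPLE_SUMMARY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
      Fa3/1              2            2                  3         Restrict
      Fa3/2              2            2                  0         Restrict
"""

if __name__ == "__main__":
    print(violation_state(parse_interface(SAMPLE_IF)))
    print(ports_with_violations(SAMPLE_SUMMARY))
```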

  • chamjiee Member Posts: 11
    Does it work with Packet Tracer?