display port-security
Use display port-security to display port security configuration, operation information, and statistics for ports.
Syntax
display port-security [ interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
mdc-admin
mdc-operator
Parameters
interface interface-type interface-number: Specifies a port by its type and number. If you do not specify a port, this command displays port security information for all ports.
Examples
# Display port security information for all ports.
<Sysname> display port-security Global port security parameters: Port security : Enabled AutoLearn aging time : 0 min Disableport timeout : 20 s MAC move : Denied Authorization fail : Online NAS-ID profile : Not configured Dot1x-failure trap : Disabled Dot1x-logon trap : Disabled Dot1x-logoff trap : Enabled Intrusion trap : Disabled Address-learned trap : Enabled Mac-auth-failure trap : Disabled Mac-auth-logon trap : Enabled Mac-auth-logoff trap : Disabled OUI value list : Index : 1 Value : 123401 Ten-GigabitEthernet1/0/1 is link-up Port mode : userLogin NeedToKnow mode : Disabled Intrusion protection mode : NoAction Security MAC address attribute Learning mode : Sticky Aging type : Periodical Max secure MAC addresses : 32 Current secure MAC addresses : 0 Authorization : Permitted NAS-ID profile : Not configured
Table 30: Command output
Field | Description |
---|---|
Port security | Whether the port security feature is enabled. |
AutoLearn aging time | Sticky MAC address aging timer, in minutes. |
Disableport timeout | Silence period (in seconds) of the port that receives illegal packets. |
MAC move | Status of MAC move:
|
Authorization fail | Action to be taken for users who fail authorization:
|
NAS-ID profile | NAS-ID profile applied globally. |
Dot1x-failure trap | Whether SNMP notifications for 802.1X authentication failures are enabled. |
Dot1x-logon trap | Whether SNMP notifications for 802.1X authentication successes are enabled. |
Dot1x-logoff trap | Whether SNMP notifications for 802.1X authenticated user logoffs are enabled. |
Intrusion trap | Whether SNMP notifications for intrusion protection are enabled. If they are enabled, the device sends SNMP notifications after illegal packets are detected. |
Address-learned trap | Whether SNMP notifications for MAC address learning are enabled. If they are enabled, the device sends SNMP notifications after it learns a new MAC address. |
Mac-auth-failure trap | Whether SNMP notifications for MAC authentication failures are enabled. |
Mac-auth-logon trap | Whether SNMP notifications for MAC authentication successes are enabled. |
Mac-auth-logoff trap | Whether SNMP notifications for MAC authentication user logoffs are enabled. |
OUI value list | List of OUI values allowed for authentication. |
Port mode | Port security mode:
For more information about port security modes, see Security Configuration Guide. |
NeedToKnow mode | Need to know (NTK) mode:
|
Intrusion protection mode | Intrusion protection action:
|
Learning mode | Secure MAC address learning mode:
|
Aging type | Secure MAC address aging type:
|
Max secure MAC addresses | Maximum number of secure MAC addresses (or online users) that port security allows on the port. |
Current secure MAC addresses | Number of secure MAC addresses stored. |
Authorization | Whether the authorization information from the authentication server (RADIUS server or local device) is ignored:
|
NAS-ID profile | NAS-ID profile applied to the port. |