WEBVTT

0:00:03.200000 --> 0:00:06.160000
Hello and welcome to this video, in which we're going to offer a refresher

0:00:06.160000 --> 0:00:08.220000
on how do you monitor port security?

0:00:08.220000 --> 0:00:11.560000
How do you monitor what's been configured and what its operational state

0:00:11.560000 --> 0:00:15.560000
is and what it has currently learned and what it's doing?

0:00:15.560000 --> 0:00:20.920000
So there's about three commands that you will use to monitor port security.

0:00:20.920000 --> 0:00:25.260000
The first one is this high-level show port-security command.

0:00:25.260000 --> 0:00:30.680000
So if your main objective is to find out, A, do I have port security already

0:00:30.680000 --> 0:00:32.260000
configured on any interfaces?

0:00:32.260000 --> 0:00:35.400000
And if so, what interfaces are they?

0:00:35.400000 --> 0:00:38.820000
B, what is the violation mode of those interfaces?

0:00:38.820000 --> 0:00:42.080000
And C, how many violations have occurred?

0:00:42.080000 --> 0:00:44.820000
This command will show you all of that in this output here.

0:00:44.820000 --> 0:00:46.120000
You can see that.

0:00:46.120000 --> 0:00:50.320000
If you want to drill into a particular interface and get a little bit

0:00:50.320000 --> 0:00:54.900000
more detail, you can do show port-security interface and then interface

0:00:54.900000 --> 0:00:56.500000
name and number.

0:00:56.500000 --> 0:00:59.800000
And this shows you a variety of good information.

0:00:59.800000 --> 0:01:04.060000
This shows you that the feature has been enabled on this interface.

0:01:04.060000 --> 0:01:07.220000
It shows you that currently this interface is good.

0:01:07.220000 --> 0:01:08.800000
It's securely up.

0:01:08.800000 --> 0:01:12.460000
It shows you that the violation mode is restrict.

0:01:12.460000 --> 0:01:15.620000
So we know that if a violation happens, what does that mean?

0:01:15.620000 --> 0:01:21.160000
That means that offending frames will be discarded.

0:01:21.160000 --> 0:01:25.940000
And with restrict, we will see this counter right here.

0:01:25.940000 --> 0:01:28.300000
The security violation count.

0:01:28.300000 --> 0:01:34.360000
If this instead was in protect mode, this counter here would be useless.

0:01:34.360000 --> 0:01:35.560000
It would never change.

0:01:35.560000 --> 0:01:38.460000
Even if there were thousands of violations, nothing would be recorded

0:01:38.460000 --> 0:01:44.100000
of that. Here we see that an aging time apparently has been configured.

0:01:44.100000 --> 0:01:46.000000
An absolute aging time of one minute.

0:01:46.000000 --> 0:01:47.840000
That's not the default.

0:01:47.840000 --> 0:01:51.900000
We can see that a maximum of three addresses are allowed.

0:01:51.900000 --> 0:01:54.840000
Currently, only one address has been learned.

0:01:54.840000 --> 0:01:58.160000
No addresses have been statically configured.

0:01:58.160000 --> 0:02:03.580000
Sticky MAC addresses have been configured so that one address has been

0:02:03.580000 --> 0:02:06.620000
placed as part of the configuration as a sticky MAC.

0:02:06.620000 --> 0:02:09.740000
And we see right here what that address is.

0:02:09.740000 --> 0:02:12.740000
And this is the VLAN that that port is in.

0:02:12.740000 --> 0:02:14.260000
So a lot of good information.

0:02:14.260000 --> 0:02:17.240000
This is my favorite command for monitoring port security.

0:02:17.240000 --> 0:02:21.020000
If you know in advance what interface it's on.

0:02:21.020000 --> 0:02:25.220000
Then also you can do show port-security address.

0:02:25.220000 --> 0:02:28.040000
And this gives you a high-level overview of all the MAC addresses that

0:02:28.040000 --> 0:02:32.400000
have been learned via port security and what interfaces they have been

0:02:32.400000 --> 0:02:37.900000
learned on. So that concludes this video of the three various commands

0:02:37.900000 --> 0:02:40.100000
you can use to monitor port security.