- sa ipsec through sessions maximum
- set aggressive-mode client-endpoint through show content-scan
- show diameter peer through show object-group
- show parameter-map type consent through show users
- show vlan group through switchport port-security violation
- tacacs-server administration through title-color
- traffic-export through zone security
- Index
show parameter-map type consent through show users
show port-security
To display information about the port-security setting in EXEC command mode, use the show port-security command.
show port-security [ interface interface interface-number ]
show port-security [ interface interface interface-number ] { address | vlan }
Syntax Description
|
interface interface |
(Optional) Specifies the interface type; possible valid values are ethernet, fastethernet, gigabitethernet, and longreachethernet. |
|
interface-number |
Interface number. Valid values are 1 to 6. |
|
address |
Displays all the secure MAC addresses that are configured on all the switch interfaces or on a specified interface with aging information for each address. |
|
vlan |
Virtual LAN. |
Command Default
This command has no default settings.
Command Modes
EXEC
Command History
|
Release |
Modification |
|---|---|
|
12.2(14)SX |
Support for this command was introduced on the Supervisor Engine 720. |
|
12.2(17d)SXB |
Support for this command on the Supervisor Engine 2 was extended to Release 12.2(17d)SXB. |
|
12.2(18)SXE |
The address keyword was added to display the maximum number of MAC addresses configured per VLAN on a trunk port on the Supervisor Engine 720 only. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS release 12.(33)SRA. |
Usage Guidelines
The vlan keyword is supported on trunk ports only and displays per-Vlan maximums set on a trunk port.
The interface-number argument designates the module and port number. Valid values for interface-number depend on the specified interface type and the chassis and module that are used. For example, if you specify a Gigabit Ethernet interface and have a 48-port 10/100BASE-T Ethernet module that is installed in a 13-slot chassis, valid values for the module number are from 1 to 13 and valid values for the port number are from 1 to 48.
Examples
This example shows the output from the show port-security command when you do not enter any options:
Router# show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security
Action
(Count) (Count) (Count)
----------------------------------------------------------------------------
Fa5/1 11 11 0 Shutdown
Fa5/5 15 5 0 Restrict
Fa5/11 5 4 0 Protect
----------------------------------------------------------------------------
Total Addresses in System: 21
Max Addresses limit in System: 128
Router#
This example shows how to display port-security information for a specified interface:
Router# show port-security interface fastethernet 5/1 Port Security: Enabled Port status: SecureUp Violation mode: Shutdown Maximum MAC Addresses: 11 Total MAC Addresses: 11 Configured MAC Addresses: 3 Aging time: 20 mins Aging type: Inactivity SecureStatic address aging: Enabled Security Violation count: 0 Router#
This example show how to display all the secure MAC addresses that are configured on all the switch interfaces or on a specified interface with aging information for each address:
Router# show port-security address Default maximum: 10 VLAN Maximum Current 1 5 3 2 4 4 3 6 4 Router#
Related Commands
|
Command |
Description |
|---|---|
|
clear port-security |
Deletes configured secure MAC addresses and sticky MAC addresses from the MAC address table. |
show privilege
To display your current level of privilege, use the show privilege command in EXEC mode.
show privilege
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
|
Release |
Modification |
|---|---|
|
10.3 |
This command was introduced. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS release 12.(33)SRA. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
Examples
The following example shows sample output from the show privilege command. The current privilege level is 15.
Router# show privilege Current privilege level is 15
Related Commands
|
Command |
Description |
|---|---|
|
enable password |
Sets a local password to control access to various privilege levels. |
|
enable secret |
Specifies an additional layer of security over the enable password command. |
show radius statistics
To display the RADIUS statistics for accounting and authentication packets, use the show radius statistics command in user EXEC or privileged EXEC mode.
show radius statistics
Syntax Description
This command has no arguments or keywords.
Command Modes
User EXEC (>)
Privileged EXEC (#)
Command History
|
Release |
Modification |
|---|---|
|
12.1(3)T |
This command was introduced. |
|
12.2(33)SRA |
This command was integrated into Cisco IOS Release 12.(33)SRA. |
|
12.2SX |
This command is supported in the Cisco IOS Release 12.2SX train. Support in a specific 12.2SX release of this train depends on your feature set, platform, and platform hardware. |
|
15.1(1)S |
This command was integrated into Cisco IOS Release 15.1(1)S. Support for the CISCO-RADIUS-EXT-MIB was added. |
|
15.1(4)M |
This command was modified. Support for the CISCO-RADIUS-EXT-MIB was added. |
Usage Guidelines
The values in queue related fields (Maximum inQ length:, Maximum waitQ length:, and Maximum doneQ length:) of the show radius statistics command is shown as NA in vEWLC, as these queue related information is applicable only in IOS.
Examples
The following is sample output from the show radius statistics command:
Router# show radius statistics
Auth. Acct. Both
Maximum inQ length: NA NA 1
Maximum waitQ length: NA NA 2
Maximum doneQ length: NA NA 1
Total responses seen: 33 67 100
Packets with responses: 33 67 100
Packets without responses: 0 0 0
Access Rejects : 0
Average response delay(ms) : 1331 124 523
Maximum response delay(ms): 5720 4800 5720
Number of Radius timeouts: 8 2 10
Duplicate ID detects: 0 0 0
Buffer Allocation Failures: 0 0 0
Maximum Buffer Size (bytes): 156 327 327
Malformed Responses : 0 0 0
Bad Authenticators : 0 0 0
Source Port Range: (2 ports only)
1645 - 1646
Last used Source Port/Identifier:
1645/33
1646/69
The table below describes significant fields shown in the display.
|
Field |
Description |
|---|---|
|
Auth. |
Statistics for authentication packets. |
|
Acct. |
Statistics for accounting packets. |
|
Both
|
Combined statistics for authentication and accounting packets. |
|
Maximum inQ length |
Maximum number of entries allowed in the queue that holds the RADIUS messages not yet sent. |
|
Maximum waitQ length |
Maximum number of entries allowed in the queue that holds the RADIUS messages that have been sent and are waiting for a response. |
|
Maximum doneQ length |
Maximum number of entries allowed in the queue that holds the messages that have received a response and will be forwarded to the code that is waiting for the messages. |
|
Total responses seen |
Number of RADIUS responses seen from the server. In addition to the expected packets, the number includes repeated packets and packets that do not have a matching message in the waitQ. |
|
Packets with responses |
Number of packets that received a response from the RADIUS server. |
|
Packets without responses |
Number of packets that never received a response from any RADIUS server. |
|
Access Rejects |
Number of times access requests have been rejected by a RADIUS server. |
|
Average response delay |
Average time, in milliseconds (ms), from when the packet was first transmitted to when it received a response. If the response timed out and the packet was sent again, this value includes the timeout. If the packet never received a response, this value is not included in the average. |
|
Maximum response delay |
Maximum delay, in ms, observed while gathering the average response delay information. |
|
Number of RADIUS timeouts |
Number of times a server did not respond and the RADIUS server re-sent the packet. |
|
Duplicate ID detects |
RADIUS has a maximum of 255 unique IDs. In some instances, there can be more than 255 outstanding packets. When a packet is received, the doneQ is searched from the oldest entry to the youngest. If the IDs are the same, further techniques are used to see if this response matches this entry. If this response does not match, the duplicate ID detect counter is increased. |
|
Buffer Allocation Failures |
Number of times the buffer failed to get allocated. |
|
Maximum Buffer Size (bytes) |
Displays the maximum size of the buffer. |
|
Malformed Responses |
Number of corrupted responses, mostly due to bad authenticators. |
|
Bad Authenticators |
Number of authentication failures due to shared secret mismatches. |
|
Source Port Range: (2 ports only) |
Displays the port numbers. |
|
Last used Source Port/Identifier |
Ports that were last used by the RADIUS server for authentication. |
The fields in the output are mapped to Simple Network Management Protocol (SNMP) objects in the CISCO-RADIUS-EXT-MIB and are used in SNMP reporting. The first line of the report is mapped to the CISCO-RADIUS-EXT-MIB as follows:
Maximum inQ length maps to creClientTotalMaxInQLength
Maximum waitQ length maps to creClientTotalMaxWaitQLength
Maximum doneQ length maps to creClientTotalMaxDoneQLength
The field "Both" in the output can be derived from the authentication and accounting MIB objects. The calculation formula for each field, as displayed in the output, is given in the table below.
|
show radius statistics Command Output Data |
Calculation Formula for the Both Field |
|---|---|
|
Maximum inQ length |
creClientTotalMaxInQLength |
|
Maximum waitQ length |
creClientTotalWaitQLength |
|
Maximum doneQ length |
creClientDoneQLength |
|
Total responses seen |
creAuthClientTotalResponses + creAcctClientTotalResponses |
|
Packets with responses |
creAuthClientTotalPacketsWithResponses + creAcctClientTotalPacketsWithResponses |
|
Packets without responses |
creAuthClientTotalPacketsWithoutResponses + creAcctClientTotalPacketsWithoutResponses |
|
Access Rejects |
creClientTotalAccessRejects |
|
Average response delay |
creClientAverageResponseDelay |
|
Maximum response delay |
MAX(creAuthClientMaxResponseDelay, creAcctClientMaxResponseDelay) |
|
Number of RADIUS timeouts |
creAuthClientTimeouts + creAcctClientTimeouts |
|
Duplicate ID detects |
creAuthClientDupIDs + creAcctClientDupIDs |
|
Buffer Allocation Failures |
creAuthClientBufferAllocFailures + creAcctClientBufferAllocFailures |
|
Maximum Buffer Size (bytes) |
MAX(creAuthClientMaxBufferSize, creAcctClientMaxBufferSize) |
|
Malformed Responses |
creAuthClientMalformedResponses + creAcctClientMalformedResponses |
|
Bad Authenticators |
creAuthClientBadAuthenticators + creAcctClientBadAuthenticators |
Mapping the following set of objects listed in the CISCO-RADIUS-EXT-MIB map to fields displayed by the show radius statisticscommand is straightforward. For example, the creClientLastUsedSourcePort field corresponds to the Last used Source Port/Identifier portion of the report, creAuthClientBufferAllocFailures corresponds to the Buffer Allocation Failures for authentication packets, creAcctClientBufferAllocFailure corresponds to the Buffer Allocation Failures for accounting packets, and so on.
creClientTotalMaxInQLength
creClientTotalMaxWaitQLength
creClientTotalMaxDoneQLength
creClientTotalAccessRejects
creClientTotalAverageResponseDelay
creClientSourcePortRangeStart
creClientSourcePortRangeEnd
creClientLastUsedSourcePort
creClientLastUsedSourceId
creAuthClientBadAuthenticators
creAuthClientUnknownResponses
creAuthClientTotalPacketsWithResponses
creAuthClientBufferAllocFailures
creAuthClientTotalResponses
creAuthClientTotalPacketsWithoutResponses
creAuthClientAverageResponseDelay
creAuthClientMaxResponseDelay
creAuthClientMaxBufferSize
creAuthClientTimeouts
creAuthClientDupIDs
creAuthClientMalformedResponses
creAuthClientLastUsedSourceId
creAcctClientBadAuthenticators
creAcctClientUnknownResponses
creAcctClientTotalPacketsWithResponses
creAcctClientBufferAllocFailures
creAcctClientTotalResponses
creAcctClientTotalPacketsWithoutResponses
creAcctClientAverageResponseDelay
creAcctClientMaxResponseDelay
creAcctClientMaxBufferSize
creAcctClientTimeouts
creAcctClientDupIDs
creAcctClientMalformedResponses
creAcctClientLastUsedSourceId
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL: http://www.cisco.com/go/mibs .
Related Commands
|
Command |
Description |
|---|---|
|
radius-server host |
Specifies a RADIUS server host. |
|
radius-server retransmit |
Specifies how many times the Cisco IOS software searches the list of RADIUS server hosts before giving up. |
|
radius-server timeout |
Sets the interval for which a router waits for a server host to reply. |
show ssh
To display the status of Secure Shell (SSH) server connections on the router, use the show ssh command in user EXEC or privileged EXEC mode.
show ssh vty [ssh-number]
Syntax Description
|
vty |
Displays virtual terminal line (VTY) connection details. |
|
ssh-number |
(Optional) The number of SSH server connections on the router. Range is from 0 to 1510. The default value is 0. |
Command Modes
User Exec (>)
Privileged EXEC (#)
Command History
|
Release |
Modification |
|---|---|
|
12.1(15)T |
This command was introduced. |
|
12.2(33)SRA |
This command was modified. It was integrated into Cisco IOS Release 12.2(33)SRA. |
|
12.2(33)SXI |
This command was modified. It was integrated into Cisco IOS Release 12.2(33)SXI. |
|
Cisco IOS XE Release 2.1 |
This command was modified. It was integrated into Cisco IOS XE Release 2.1. |
Usage Guidelines
Use the show ssh command to display the status of the SSH connections on your router. This command does not display any SSH configuration data. Use the show ip ssh command for SSH configuration information such as timeouts and retries.
Examples
The following is sample output from the show ssh command with SSH enabled:
Router# show ssh Connection Version Encryption State Username 0 1.5 3DES Session Started guest
The table below describes the significant fields shown in the display.
|
Field |
Description |
|---|---|
|
Connection |
Number of SSH connections on the router. |
|
Version |
Version number of the SSH terminal. |
|
Encryption |
Type of transport encryption. |
|
State |
The status of SSH connection to indicate if the session has started or stopped. |
|
Username |
Uesrname to log in to the SSH. |
Related Commands
|
Command |
Description |
|---|---|
|
show ip ssh |
Displays version and configuration data for SSH. |
Feedback