
Unable to display port-security logs

 
Damfive
Occasional Advisor

Hello,

Sorry to disturb you, and thanks in advance for your help!

I'm here because we recently replaced our old switches (HPE 5120 Version 5.20, Release 1518) with new ones (HPE 5130 Version 7.1.070, Release 3506P02).

With the new ones, we are not able to display the PORTSEC logs, which is a little bit annoying.

I also noticed that when I try to display the security-logfile, it shows me "permission denied" even though I enabled the security-logfile and used an administrator account. Could that be our problem? Or does the security-logfile have nothing to do with the PORTSEC logs not showing in the logbuffer?

Here is our configuration on the new switches:

Port-security enable

Port-security access-user log enable failed-authorization mac-learning violation vlan-mac-limit

Info-center security-logfile enable

Info-center loghost source Vlan-interface100

Info-center source default logfile level informational

Info-center loghost (IP Syslog server)

And on an interface:

port-security port-mode mac-authentication

 

Many thanks,

 

Dam

3 REPLIES
Damfive
Occasional Advisor

Re: Unable to display port-security logs

Does nobody have a solution for me, please?

Displaying the PORTSEC logs is very important for us!

Many thanks,

Dam

jmpk
HPE Pro

Re: Unable to display port-security logs

Hi,

Can you please provide the interface configuration and also the output of the following commands, to understand what is wrong with the switch?

1. display port-security interface <type>

2. display port-security mac-address security interface <type>


I work for HPE
Damfive
Occasional Advisor

Re: Unable to display port-security logs

Many thanks for your answer!

Here is the configuration of one of my interfaces.

[XXXXXXXX]display port-security interface GigabitEthernet 1/0/4
Global port security parameters:
Port security : Enabled
AutoLearn aging time : 0 min
Disableport timeout : 20 s
Blockmac timeout : 180 s
MAC move : Denied
Authorization fail : Online
NAS-ID profile : Not configured
Dot1x-failure trap : Disabled
Dot1x-logon trap : Disabled
Dot1x-logoff trap : Disabled
Intrusion trap : Enabled
Address-learned trap : Disabled
Mac-auth-failure trap : Enabled
Mac-auth-logon trap : Enabled
Mac-auth-logoff trap : Enabled
Open authentication : Disabled
OUI value list :

GigabitEthernet1/0/4 is link-up
Port mode : macAuthentication
NeedToKnow mode : Disabled
Intrusion protection mode : NoAction
Strict intrusion protection : Disabled
Security MAC address attribute
Learning mode : Sticky
Aging type : Periodical
Max secure MAC addresses : Not configured
Current secure MAC addresses : 1
Authorization : Permitted
NAS-ID profile : Not configured
Free VLANs : Not configured
Open authentication : Disabled
MAC-move VLAN check bypass : Disabled

 

[XXXXXXXX] display port-security mac-address security interface GigabitEthernet 1/0/4
MAC ADDR VLAN ID STATE PORT INDEX AGING TIME

--- no mac address found ---

 

For the second command, I think it's normal, as we are using RADIUS authentication via MAC address and not the sticky option?

Thank you!