
 

Here is what I have:

PC1 = 10.10.10.1

PC2 = 10.10.10.2

PC3 = 10.10.10.3, connected to port f0/3, which is located in the lobby

hacker = 10.10.10.4

The goal is to protect port f0/3 in the lobby and make sure that only PC3 (sales3) is able to connect and do his work.

Hint: go into int f0/3 and start with switchport ?

Step 1) Make sure you enable port-security

 

SW1(config)#
SW1(config)#int f0/3
SW1(config-if)#switchport ?
  access         Set access mode characteristics of the interface
  mode           Set trunking mode of the interface
  native         Set trunking native characteristics when interface is in trunking mode
  nonegotiate    Device will not engage in negotiation protocol on this interface
  port-security  Security related command
  priority       Set appliance 802.1p priority
  trunk          Set trunking characteristics of the interface
  voice          Voice appliance attributes
SW1(config-if)#switchport port
SW1(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
SW1(config-if)#switchport port-security
Command rejected: FastEthernet0/3 is a dynamic port.
SW1(config-if)#sw
SW1(config-if)#switchport mo
SW1(config-if)#switchport mode acc
SW1(config-if)#switchport mode ?
  access   Set trunking mode to ACCESS unconditionally
  dynamic  Set trunking mode to dynamically negotiate access or trunk mode
  trunk    Set trunking mode to TRUNK unconditionally
SW1(config-if)#switchport mode dy
SW1(config-if)#switchport mode dynamic ?
  auto       Set trunking mode dynamic negotiation parameter to AUTO
  desirable  Set trunking mode dynamic negotiation parameter to DESIRABLE
SW1(config-if)#switchport mode acc
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security

 

 

Hint: before you enable port security as above, make sure you have set the port mode to access. On a dynamic port the switch rejects the command.

 

Step 2) Define how many MAC addresses can be connected

        Default = 1 (the default value is not shown in show run)

 

SW1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
SW1(config)#int f0/3
SW1(config-if)#sw
SW1(config-if)#switchport po
SW1(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
SW1(config-if)#switchport port-security max
SW1(config-if)#switchport port-security maximum ?
  <1-132>  Maximum addresses
SW1(config-if)#switchport port-security maximum 2

 

Step 3) Tell the switch the MAC address of the connected PC.

Hint: I can do this in two ways:

  • Statically
  • Dynamically, using the keyword sticky
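
The check below is an added example, not code from the original post: a Python script that reads a running-config and verifies steps 1 to 3 for each interface, treating a missing maximum line as the default of 1. The sample configuration, the interface list and the function names are constructed for illustration, and `switchport port-security mac-address sticky` is the standard IOS form of the sticky option from step 3.

```python
import re

# Constructed sample of "show running-config" output (not the page's switch).
# f0/3 follows steps 1-3; f0/4 is still dynamic; f0/5 has no secure MAC.
SAMPLE_CONFIG = """\
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
interface FastEthernet0/4
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
!
"""

def parse_interfaces(config):
    """Return {interface name: [stripped config lines]} for each stanza."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the stanza
    return stanzas

def audit_port(lines):
    """Check one stanza against steps 1-3; return (max_macs, findings)."""
    findings = []
    if "switchport mode access" not in lines:
        findings.append("not in access mode (port security is rejected on a dynamic port)")
    if "switchport port-security" not in lines:
        findings.append("port security not enabled")
    # A maximum of 1 is the default and is not written to the running config.
    hits = [re.fullmatch(r"switchport port-security maximum (\d+)", l) for l in lines]
    max_macs = next((int(h.group(1)) for h in hits if h), 1)
    if not any(l.startswith("switchport port-security mac-address") for l in lines):
        findings.append("no static or sticky secure MAC address")
    return max_macs, findings

if __name__ == "__main__":
    for name, lines in parse_interfaces(SAMPLE_CONFIG).items():
        max_macs, findings = audit_port(lines)
        print(name, "maximum =", max_macs, "|", "; ".join(findings) or "OK")
```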

 

 
