7.1 # SWITCH PORT SECURITY :
Port security makes the switch remember the Ethernet MAC address(es) seen on a switch port and allow only those addresses to send traffic through it. When a frame arrives from a MAC address that is not in the port's secure list and the port has already learned its maximum number of addresses, a security violation occurs; the configured violation mode tells the switch what to do about it (drop the frame, drop it and report it, or shut the port down). Without port security, anyone who plugs into a switch port can launch Layer 2 attacks such as MAC flooding (a DoS against the switch's address table) and MAC address spoofing. Port security gives the administrator control over which hosts may use each switch port.
- Shutdown mode (the default on a Cisco switch): on a violation the port is put into the err-disabled state, so no traffic passes at all, not even from the secure MAC address. The switch also logs the violation, increments the violation counter and sends an SNMP trap. The port stays down until the administrator issues shutdown followed by no shutdown on the interface (or until errdisable recovery is configured for the psecure-violation cause).
- Protect mode: frames from the secure MAC addresses are forwarded; frames from any other MAC address are dropped silently, with no log message, no SNMP trap and no increment of the violation counter.
- Restrict mode: frames from unknown MAC addresses are dropped as in protect mode, but the switch also alerts the network administrator: it generates a log message, increments the violation counter and sends an SNMP trap.
- Sticky mode: this is not a violation mode. With the sticky command the switch converts the MAC addresses it learns dynamically on the port into sticky secure entries in the running configuration, so the user gets static MAC address security without typing each MAC address by hand. Save the configuration (copy running-config startup-config), otherwise the sticky entries are lost on reload.
Note: Port security cannot be enabled on a port whose mode is dynamic (the default, negotiated by DTP). To enable port security, the user first has to make the interface a static access port with switchport mode access.
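The following model is an added illustration, not Cisco code and not part of the original page: it plays the same sequence of frames through one port per violation mode so the differences described above can be seen side by side (protect drops silently, restrict drops and counts, shutdown takes the whole port down, sticky writes learned addresses into the running configuration). The port name, MAC addresses and the syslog text are made up for the demonstration.

```python
"""Model of Cisco port-security violation handling on one access port."""
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                 # switchport port-security maximum N (default 1)
    violation: str = "shutdown"      # protect | restrict | shutdown (IOS default)
    sticky: bool = False             # switchport port-security mac-address sticky
    secure_macs: list = field(default_factory=list)    # learned or configured secure MACs
    sticky_config: list = field(default_factory=list)  # lines sticky adds to running-config
    violation_count: int = 0
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def add_static(self, mac: str) -> None:
        """switchport port-security mac-address <mac>: a configured secure MAC."""
        if mac not in self.secure_macs:
            self.secure_macs.append(mac)

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame and return what the switch does with it."""
        if self.err_disabled:
            # Shutdown mode took the port down: nothing passes, not even the secure MAC.
            return "dropped (port err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            # Room left under the maximum: learn the address as a secure MAC.
            self.secure_macs.append(src_mac)
            if self.sticky:
                # Sticky copies the learned entry into the running configuration.
                self.sticky_config.append(
                    f"switchport port-security mac-address sticky {src_mac}")
            return "forwarded (learned)"
        # Maximum reached and the source is not a secure MAC: a security violation.
        if self.violation == "protect":
            return "dropped"      # silent: no counter, no log message, no trap
        self.violation_count += 1
        # Constructed log line, modelled on the IOS PSECURE_VIOLATION message.
        self.log.append(f"%PORT_SECURITY-2-PSECURE_VIOLATION: violation by "
                        f"{src_mac} on port {self.name}")
        if self.violation == "restrict":
            return "dropped (logged, counter, SNMP trap)"
        self.err_disabled = True  # shutdown mode: err-disable the port
        return "dropped (port err-disabled)"

    def recover(self) -> None:
        """shutdown followed by no shutdown on the interface clears err-disabled."""
        self.err_disabled = False


def compare_modes(frames):
    """Run the same frame sequence through a fresh port in each violation mode."""
    results = {}
    for mode in ("protect", "restrict", "shutdown"):
        port = SecurePort("Fa0/1", maximum=1, violation=mode, sticky=True)
        results[mode] = [port.receive(mac) for mac in frames]
        results[mode].append(f"violations={port.violation_count}")
    return results


# Constructed frame sequence: the legitimate host, then an intruder, then the host again.
FRAMES = ["0060.7099.bc89", "0060.7099.bc89", "aaaa.bbbb.cccc", "0060.7099.bc89"]

if __name__ == "__main__":
    for mode, outcome in compare_modes(FRAMES).items():
        print(f"{mode:9s} {outcome}")
```

The fourth frame is the one to look at: in protect and restrict modes the legitimate host keeps working after the intruder is dropped, while in shutdown mode the intruder has taken the legitimate host off the network too, which is exactly why an attacker may deliberately trigger a violation on a shutdown-mode port.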
7.2 # CONFIGURATION OF PORT SECURITY
# How to secure a port with sticky MAC address learning?
Switch(config)#interface fastethernet 0/1
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
! or enter a known address directly as a sticky secure address instead of learning it:
Switch(config-if)#switchport port-security mac-address sticky 0060.7099.bc89
Switch(config-if)#exit
! port security must be enabled on the interface (switchport port-security) before the sticky command has any effect.
# How to limit the number of secure MAC addresses on a port?
Switch(config)#interface fastethernet 0/1
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#exit
! maximum takes a value from 1 up to the platform limit (the original lists the range as 1-132); the default is 1.
# How to set the violation mode on a secure port?
Switch(config)#interface fastethernet 0/1
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security violation restrict
Switch(config-if)#exit
! violation takes protect, restrict or shutdown; shutdown is the default.
# How to configure aging of secure MAC addresses (and storm control on the same port)?
Switch(config)#interface fastethernet 0/1
Switch(config-if)#no shutdown
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security aging time 120
! aging time is in minutes; add switchport port-security aging type inactivity to age an
! address out only after it stops sending, rather than after a fixed period.
Switch(config-if)#storm-control broadcast level 75
Switch(config-if)#storm-control action shutdown
! storm-control is a separate feature from port security: level is a percentage of port
! bandwidth (0-100; the original's 755 is outside that range, 75 is used here) above which
! broadcast traffic is suppressed, and action shutdown err-disables the port instead.
Switch(config-if)#exit
# Troubleshooting:
Q. Which command shows the port-security summary for all secure ports (maximum, current address count, violation count and action)?
Switch#show port-security
Q. Which command shows the status of an individual port (enabled or not, port status such as Secure-shutdown, violation mode, last offending source address and violation count)?
Switch#show port-security interface fa 0/1
Q. Which command shows the secure MAC addresses the switch has learned or been given, per port?
Switch#show port-security address
Q. Which command clears the secure MAC addresses?
Switch#clear port-security all
(clear port-security dynamic, sticky or configured clears only that kind of entry)
Q. Which command removes port security from an interface?
Switch(config-if)#no switchport port-security
Q. Which command shows the MAC address table (every address the switch has learned, secure or not)?
Switch#show mac-address-table
(show mac address-table on newer IOS releases)
Q. How to bring back a port that shutdown mode has err-disabled?
Switch#show interfaces status err-disabled
Switch(config)#interface fastethernet 0/1
Switch(config-if)#shutdown
Switch(config-if)#no shutdown
(or let the switch recover it automatically after a timer: errdisable recovery cause psecure-violation)
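Checking a few ports by hand is easy; checking a whole switch is where the show commands above get tedious. The script below is an added example, not from the original page and not a Cisco tool: it parses the output of show port-security and show port-security interface, reports ports with a non-zero violation count, ports that shutdown mode has err-disabled (Port Status Secure-shutdown) and ports left in protect mode where violations are invisible, and prints the interface commands that recover the err-disabled ones. The two sample outputs are constructed to match the IOS layout; the port names, counts and MAC addresses are invented.

```python
"""Audit 'show port-security' output for violations and err-disabled ports."""
import re

# Constructed sample of 'show port-security' (layout follows IOS; values invented).
SHOW_PORT_SECURITY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              1            1                  3         Shutdown
      Fa0/2              2            2                  0         Restrict
      Fa0/3              1            0                  0          Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 1024
"""

# Constructed sample of 'show port-security interface fa 0/1' for the same switch.
SHOW_PS_INT_FA01 = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : aaaa.bbbb.cccc:1
Security Violation Count   : 3
"""

SUMMARY_ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")
DETAIL_LINE = re.compile(r"^(.+?)\s+:\s+(.*)$")


def parse_summary(text):
    """Rows of 'show port-security': port, max, current, violations, action."""
    rows = []
    for line in text.splitlines():
        m = SUMMARY_ROW.match(line)
        if m:  # header, separator and 'Total Addresses' lines do not match
            rows.append({"port": m.group(1), "max": int(m.group(2)),
                         "current": int(m.group(3)), "violations": int(m.group(4)),
                         "action": m.group(5)})
    return rows


def parse_interface(text):
    """'show port-security interface X' as a dict of field name -> value."""
    fields = {}
    for line in text.splitlines():
        m = DETAIL_LINE.match(line)
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields


def audit(summary_text, details):
    """Return (port, finding) pairs; details maps port name -> interface output."""
    findings = []
    for row in parse_summary(summary_text):
        if row["violations"]:
            findings.append((row["port"],
                             f"{row['violations']} violation(s), action {row['action']}"))
        if row["action"].lower() == "protect":
            findings.append((row["port"],
                             "protect mode drops silently: violations leave no log or counter"))
    for port, text in details.items():
        f = parse_interface(text)
        if f.get("Port Status") == "Secure-shutdown":
            findings.append((port,
                             f"err-disabled; last source {f.get('Last Source Address:Vlan')}"))
    return findings


def recovery_commands(findings):
    """IOS lines that bring err-disabled ports back once the offending host is handled."""
    cmds = []
    for port, msg in findings:
        if msg.startswith("err-disabled"):
            cmds += [f"interface {port}", " shutdown", " no shutdown"]
    return cmds


if __name__ == "__main__":
    found = audit(SHOW_PORT_SECURITY, {"Fa0/1": SHOW_PS_INT_FA01})
    for port, msg in found:
        print(f"{port}: {msg}")
    print("\n".join(recovery_commands(found)))
```

Look at the Last Source Address before re-enabling anything: it is the MAC address that caused the violation, and the MAC address table (show mac-address-table) tells you whether that host is now sitting on some other port.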