Similar topics
Latest topics
Earn Money
Log in
Who is online?
In total there are 7 users online :: 0 Registered, 0 Hidden and 7 Guests None
Most users ever online was 309 on Sat Oct 02, 2021 2:43 pm
Top posters
| tracy_k (95) |
| |||
| Yasir-Imran (76) |
| |||
| amaqsood1 (52) |
| |||
| m.abidkh (25) |
| |||
| BILAL KHAN (24) |
| |||
| kamran akbar (22) |
| |||
| yyy (18) |
| |||
| s4cnc (16) |
| |||
| dani14 (13) |
| |||
| QADEER HUSSAIN (9) |
|
Statistics
We have 3550 registered usersThe newest registered user is sharee4
Our users have posted a total of 727 messages in 319 subjects
Amazone
Learn Port-security In 15 Minutes
Page 1 of 1
Learn Port-security In 15 Minutes
by Imran Sat Sep 25, 2010 4:49 pm
A switch learns MAC Addresses on its ports. If a PC or whatever is connected to a switchport, the MAC Address of the PCs Networkcard is saved by the switch in its MAC Table. If another Device is connected to the same port, its MAC is learned, too, and the MAC of the first device stays in the MAC table till a aging time expires.
If we want, that only ONE MAC Address is allowed on a special switchport, we can use a feature called
"Port-Security".
With port-security, we can bind a special MAC of a specific PC to that switchport, or a
defined number of MAC Addresses which will be allowed to use that switchport. So, if another PC connects to that port, which MAC is not binded to that switchport, the port can go secure-down and the "foreign" pc can not communicate with the LAN. With port-security, we could also prevent the useage of hubs or other switches on a switchport, what can be very usefull to prevent users to experimenting with perhaps unallowed enlargement of their access ports to the LAN.
To enable port security, use the following command
switch(config)#interface fa0/1
switch(config-if)#switchport port-security
Now we can configure, WHICH MAC will be binded to that switchport
switch(config-if)#switchport port-security mac-address 00:e3:c2:e1:ee:af
We can configure, how many MACs will be maximum allowed on that port
switch(config-if)#switchport port-security maximum 5
We can configure, what should happen, if a violaton of the port-security rule occurs.
switch(config-if)#switchport port-security violation [ protect | restrict | shutdown ]
When configuring port security violation modes, note the following information:
Protect: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
Restrict: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
Shutdown:Puts the interface into the error-disabled state immediately and sends an SNMP trap notification
Configure the secure MAC address aging time on the port.
There are two aging modes - absolute and inactivity. Default is absolute.
switch(config-if)#switchport port-security aging time 10
The aging time range is 1 to 1440 minutes (default is 0).
If we want, that only ONE MAC Address is allowed on a special switchport, we can use a feature called
"Port-Security".
With port-security, we can bind a special MAC of a specific PC to that switchport, or a
defined number of MAC Addresses which will be allowed to use that switchport. So, if another PC connects to that port, which MAC is not binded to that switchport, the port can go secure-down and the "foreign" pc can not communicate with the LAN. With port-security, we could also prevent the useage of hubs or other switches on a switchport, what can be very usefull to prevent users to experimenting with perhaps unallowed enlargement of their access ports to the LAN.
To enable port security, use the following command
switch(config)#interface fa0/1
switch(config-if)#switchport port-security
Now we can configure, WHICH MAC will be binded to that switchport
switch(config-if)#switchport port-security mac-address 00:e3:c2:e1:ee:af
We can configure, how many MACs will be maximum allowed on that port
switch(config-if)#switchport port-security maximum 5
We can configure, what should happen, if a violaton of the port-security rule occurs.
switch(config-if)#switchport port-security violation [ protect | restrict | shutdown ]
When configuring port security violation modes, note the following information:
Protect: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
Restrict: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.
Shutdown:Puts the interface into the error-disabled state immediately and sends an SNMP trap notification
Configure the secure MAC address aging time on the port.
There are two aging modes - absolute and inactivity. Default is absolute.
switch(config-if)#switchport port-security aging time 10
The aging time range is 1 to 1440 minutes (default is 0).
Imran- Guest
Similar topics» latest p4s for ccna security
» How are the ccna security lab exam look like
» ActualTests CCNA Security 640-553 – v2.0 / 148 Qs -feb 2012
» How are the ccna security lab exam look like
» ActualTests CCNA Security 640-553 – v2.0 / 148 Qs -feb 2012
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum|
|
|
» CompTIA A+ 220-901 dumps
» Updated CCIE Collaboration 400-051 dumps
» JN0-691 Junos Troubleshooting (JNCSP) dumps
» CompTIA Server+ SK0-004 practice test
» CCNA Security 210-260 IINS practice test
» 300-320 ARCH exam practice test
» MCSA 70-461 exam practice test
» Microsoft Dynamics CRM MB2-708 practice test