CONFIGURING SWITCH PORT SECURITY
You can use the port security feature to restrict input to an interface by limiting and identifying MAC addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the system attached to that port is assured the full bandwidth of the port.
If a port is configured as a secure port and the maximum number of secure MAC addresses is reached, a security violation occurs when the MAC address of a workstation attempting to access the port is different from any of the identified secure MAC addresses.
After you have set the maximum number of secure MAC addresses on a port, the secure addresses are included in an address table in one of these ways:
• You can configure all secure MAC addresses by using the switchport port-security mac-address mac_address interface configuration command.
• You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.
• You can configure a number of addresses and allow the rest to be dynamically configured.
Benefit of port security
Port security helps secure the network by preventing unknown devices from forwarding packets. It also lets you limit the number of devices that can access the port.
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 4
Switch(config-if)# switchport port-security mac-address 1234.5678.90ab
! The violation mode is a single setting: enter only one of the next three lines (shutdown is the default).
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# switchport port-security violation protect
CONFIGURING STICKY MAC ADDRESSES
Sticky MAC addressing is a feature of port security that binds MAC addresses to a port; an address can also be bound manually.
Switch(config)# interface fastethernet 0/1
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security mac-address sticky vlan 10 voice
VERIFYING SWITCH PORT SECURITY
Switch# show port-security
Switch# show port-security interface fastethernet 0/5
Switch# show port-security address
Switch# show mac address-table [dynamic]
Switch# clear mac address-table dynamic
Switch# clear mac address-table dynamic address aaaa.bbbb.cccc
Switch# clear mac address-table dynamic interface fastethernet 0/5
Switch# clear mac address-table dynamic vlan 10
Switch# clear mac address-table notification
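The settings configured above can also be checked offline against a saved running configuration. The following Python script is an added example, not part of the original page: it reports the effective port-security settings of each access port and flags ports where the feature is not enabled or where protect mode is in use. The sample configuration and the function name are constructed, and it assumes the IOS defaults (maximum 1, violation shutdown), which a running configuration does not list.

```python
import re

# Constructed sample running-config excerpt (not from a real device).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 4
 switchport port-security violation restrict
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 2
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
"""

PREFIX = "switchport port-security"

def audit_port_security(config):
    """Return effective port-security settings and findings per access port."""
    report = {}
    # One stanza = the "interface" line plus the indented lines under it.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n?)*)", config, re.M):
        lines = [line.strip() for line in body.splitlines()]
        if "switchport mode access" not in lines:
            continue
        opts = [l[len(PREFIX):].strip() for l in lines if l.startswith(PREFIX)]
        # Assumed IOS defaults when a sub-command is absent: maximum 1, shutdown.
        port = {"enabled": "" in opts, "maximum": 1, "violation": "shutdown",
                "sticky": "mac-address sticky" in opts, "issues": []}
        for opt in opts:
            key, _, value = opt.partition(" ")
            if key == "maximum":
                port["maximum"] = int(value.split()[0])
            elif key == "violation":
                port["violation"] = value
        if not port["enabled"]:
            port["issues"].append("port security not enabled; sub-commands are inactive")
        elif port["violation"] == "protect":
            port["issues"].append("protect mode drops frames without logging")
        report[name] = port
    return report
```

FastEthernet0/2 in the sample shows the common mistake of setting a maximum without the bare switchport port-security command that actually turns the feature on.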