Port Security.
Switch#show port-security ?
address Show secure address
interface Show secure interface
<cr>
Step 1: Check default port security on port f0/1 prior to configuration.
Switch#show port-security int f0/1
Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Note the defaults:
Port security is disabled.
Violation mode is shutdown.
Maximum MAC addresses default is 1.
No MAC address has been learned yet.
Switch#show port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type            Ports              Remaining Age
                                                             (mins)
----    -----------       ----            -----              -------------
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Step 2 : Enabling Port security on int f0/1
Switch(config-if)#switchport port-security
Step 3: Configuring Port security
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address sticky
(The sticky command alone is enough, as the default maximum is 1 and the default violation mode is shutdown.)
Step 4: An IP address is assigned to the host and to VLAN 1 on the switch.
This is done so that the host can ping the switch and its MAC gets added.
After the host pings the switch VLAN 1:
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0007.EC13.BC80:1
Security Violation Count : 0
Host MAC gets added.
Switch#show port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type            Ports              Remaining Age
                                                             (mins)
----    -----------       ----            -----              -------------
1       0007.EC13.BC80    SecureSticky    FastEthernet0/1    -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Step 5: After Violation
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0090.0CD9.1662:1
Security Violation Count : 1
After the violation, the MAC of the other host appears as the Last Source Address and the Security Violation Count goes up.
The output of show port-security address does not change.
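As an added example (not part of the original post), the Python check below parses the outputs shown in Steps 4 and 5 and reports the conditions that indicate a violation. The function names are hypothetical, and the sample text is copied from the outputs on this page.

```python
import re

# 'show port-security int f0/1' output after the violation (Step 5 on this page).
AFTER_VIOLATION = """\
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0090.0CD9.1662:1
Security Violation Count : 1
"""
# Row from 'show port-security address' (Step 4 on this page).
SECURE_TABLE = "1 0007.EC13.BC80 SecureSticky FastEthernet0/1 -"

MAC_ROW = re.compile(r"^\s*\d+\s+((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+\S+\s+(\S+)")

def parse_interface(text):
    """Map each 'Field : value' line to a dict entry."""
    fields = {}
    for line in text.splitlines():
        # Split on the last ' : ' so 'Last Source Address:Vlan' stays one key.
        key, sep, value = line.rpartition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_secure_macs(text):
    """Return {MAC: port} for every address row in the secure MAC table."""
    rows = (MAC_ROW.match(line) for line in text.splitlines())
    return {m.group(1).upper(): m.group(2) for m in rows if m}

def findings(interface_text, table_text):
    """List the conditions an operator should look at, in a fixed order."""
    f = parse_interface(interface_text)
    secure = parse_secure_macs(table_text)
    out = []
    if f.get("Port Security") != "Enabled":
        out.append("port security is not enabled")
    if f.get("Port Status") == "Secure-shutdown":
        out.append("port shut down by a violation")
    count = int(f.get("Security Violation Count", "0"))
    if count > 0:
        out.append(f"violation count is {count}")
    last_mac = f.get("Last Source Address:Vlan", "").rpartition(":")[0].upper()
    if last_mac and last_mac != "0000.0000.0000" and last_mac not in secure:
        out.append(f"last source {last_mac} is not a secure address")
    return out

if __name__ == "__main__":
    for item in findings(AFTER_VIOLATION, SECURE_TABLE):
        print(item)
```
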
Switch#clear port-security ?
all Clear all secure MAC addresses
configured Clear all configured secure MAC addresses
dynamic Clear all secure MAC address auto-learned by hardware
sticky Clear all secure MAC address either auto-learned or configured
Switch(config-if)#switchport port-security ?
mac-address Secure mac address
maximum Max secure addresses
violation Security violation mode
<cr>
Switch(config-if)#switchport port-security maximum ?
<1-132> Maximum addresses
Switch(config-if)#switchport port-security mac-address ?
H.H.H 48 bit mac address
sticky Configure dynamic secure addresses as sticky
Switch(config-if)#switchport port-security mac-address sticky ?
H.H.H 48 bit mac address
<cr>
Switch(config-if)#switchport port-security violation ?
protect Security violation protect mode
restrict Security violation restrict mode
shutdown Security violation shutdown mode