Monday, September 12, 2016

Switch Port Security Configuration




Switch>
Switch>enable
Switch#conf t
Switch(config)#interface fastEthernet 0/1

Switch(config-if)#switchport mode access
//The switch port must be configured as an access port first. By default the switch port is a dynamic port, so you can’t configure port security on it; the switch will show “Command rejected: FastEthernet0/1 is a dynamic port.”


Switch(config-if)#switchport port-security
//After configuring the port as an access port, enable port security with the above command.

Switch(config-if)#switchport port-security mac-address 0001.423C.CAD5
//Statically configures the allowed MAC address for the switch port. Only this MAC address is allowed on this port.

Switch(config-if)#switchport port-security maximum 2
//If you want to allow more devices, you can specify the number.

Switch(config-if)#switchport port-security mac-address sticky
//Allows the switch to dynamically learn the second MAC address with the above command.

Now see the switch learn the MAC address dynamically:

Switch#show port address
                    Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports              Remaining Age
                                                                    (mins)
----    -----------       ----                -----              -------------
1       0001.423C.CAD5    SecureConfigured    FastEthernet0/1         -
1       0060.3E4B.3453    SecureSticky        FastEthernet0/1         -
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 1024


Switch(config-if)#switchport port-security violation shutdown
//The port will be shut down when a third device/MAC address connects.

Now check the port status with the command below:

Switch#show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0060.3E4B.3453:1
Security Violation Count   : 0

Now see the port shut down after a third device/MAC address connects:
Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)        (Count)
---------------------------------------------------------------------------
      Fa0/1              2            2                  1         Shutdown
---------------------------------------------------------------------------
Switch#
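
Added example (not part of the original post): a Python check that parses the "show port-security interface" output shown above and reports policy drift and violation state, so the same verification can be run across many ports. The sample text (trimmed to the fields used), the third device's MAC address and the POLICY baseline are constructed for illustration.

```python
import re

# Constructed sample: the page's `show port-security interface` fields as they
# would read after a third device trips the violation (MAC is made up).
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.BC11.2233:1
Security Violation Count   : 1
"""

# Hypothetical baseline matching the configuration entered on the page.
POLICY = {"Port Security": "Enabled", "Violation Mode": "Shutdown",
          "Maximum MAC Addresses": "2"}

def parse_port_security(text):
    """Turn 'Label : value' lines into a dict, skipping blanks and prompts."""
    fields = {}
    for line in text.splitlines():
        # Split on the padded ' : ' so 'Last Source Address:Vlan' stays one label.
        m = re.match(r"^(.+?)\s+:\s+(.*)$", line.strip())
        if m:
            fields[m.group(1).strip()] = m.group(2).strip()
    return fields

def audit(fields, policy=POLICY):
    """Return findings: policy drift first, then violation state."""
    findings = []
    for key, want in policy.items():
        got = fields.get(key)
        if got != want:
            findings.append(f"drift: {key} is {got!r}, expected {want!r}")
    if int(fields.get("Security Violation Count", "0")) > 0:
        mac, _, vlan = fields.get("Last Source Address:Vlan", "").rpartition(":")
        findings.append(f"violation: last source {mac} on VLAN {vlan}")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is err-disabled (Secure-shutdown)")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print(finding)
```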
