Switch Port Security

By -

 Switch port security is a network security feature that allows you to control and restrict access to a switch port based on the MAC (Media Access Control) address of the devices connected to it. This feature helps prevent unauthorized devices from connecting to the network and can be particularly useful in securing physical access to network ports. Below are the steps to configure and verify switch port security on a Cisco switch:

Configuration Steps:

  1. Access Configuration Mode:

    • Access the switch's command-line interface (CLI) and enter configuration mode.
    bash
    Switch> enable
Switch# configure terminal

  2. Enable Port Security on an Interface:

    • Navigate to the interface that you want to configure port security for.
    bash
    Switch(config)# interface interface_type interface_number
    • For example, to configure port security on GigabitEthernet 0/1:
    bash
    Switch(config)# interface GigabitEthernet0/1

  3. Enable Port Security on the Interface:

    • Enable port security on the selected interface.
    bash
    Switch(config-if)# switchport port-security

  4. Set the Maximum Number of Allowed MAC Addresses:

    • Specify the maximum number of allowed MAC addresses on the interface. The default is usually 1.
    bash
    Switch(config-if)# switchport port-security maximum max_addresses
    • For example, to allow up to 2 MAC addresses:
    bash
    Switch(config-if)# switchport port-security maximum 2

  5. Configure the Port Security Violation Mode:

    • Specify how the switch should react when a violation occurs (e.g., when an unauthorized device is connected). Common violation modes are "shutdown," "restrict," or "protect."
    bash
    Switch(config-if)# switchport port-security violation {shutdown | restrict | protect}
    • For example, to shut down the port when a violation occurs:
    bash
    Switch(config-if)# switchport port-security violation shutdown

  6. Set the Allowed MAC Addresses (Optional):

    • If necessary, you can manually configure the allowed MAC addresses for the port.
    bash
    Switch(config-if)# switchport port-security mac-address mac_address
    • This is useful if you want to explicitly allow specific devices to connect to the port.

  7. Verify the Port Security Configuration:

    • To verify the port security configuration on the switch, use the following command:
    bash
    Switch# show port-security interface interface_type interface_number
    • This command displays information about the configured port security settings on the selected interface.

Verification Steps:

After configuring port security, you can verify its operation to ensure that it is correctly restricting access to the switch port. Here's how to do that:

  1. Check Port Security Status:

    • Use the following command to check the port security status and violations on the interface:
    bash
    Switch# show port-security interface interface_type interface_number
    • This command provides information about the current status of port security on the interface.

  2. Monitor Violation Counts:

    • You can monitor violation counts to see how many times the port security violation action has been triggered:
    bash
    Switch# show port-security
    • This command displays information about all interfaces with port security enabled.

Port security helps enhance network security by controlling the devices that can access a switch port. Unauthorized devices are prevented from connecting, and violation actions can be configured to respond to security breaches.

Comments

Post a Comment

Popular posts from this blog

CCNA Router and Catalyst Switch IOS Command Reference

By -
CCNA Router and Catalyst Switch IOS Command Reference By Jamison Schmidt This reference guide provides router and switch commands to help you prepare for Cisco's CCNA certification exam. This guide covers IOS version 11 and higher. We will try to get VLSM and Supernetting commands added for the new 640-801 CCNA exam. Reference Quick Links Router Commands Show Commands Catalyst Commands Router Commands Terminal Controls: ·   Config# terminal editing - allows for enhanced editing commands ·   Config# terminal monitor - shows output on telnet session ·   Config# terminal ip netmask-format hexadecimal|bit-count|decimal - changes the format of subnet masks Host Name: ·   Config# hostname ROUTER_NAME Banner: ·   Config# banner motd # TYPE MESSAGE HERE # - # can be substituted for any character, must start and finish the message Descriptions: ·   Config# description THIS IS THE SOUTH ROUTER - can be entered ...
Read more

Network Technologies

By -
Image
Common Networking Protocols TCP - TCP breaks data into manageable packets and tracks information such as source and destination of packets. It is able to reroute packets and is responsible for guaranteed delivery of the data. IP - This is a connectionless protocol, which means that a session is not created before sending data. IP is responsible for addressing and routing of packets between computers. It does not guarantee delivery and does not give acknowledgement of packets that are lost or sent out of order as this is the responsibility of higher layer protocols such as TCP. UDP - A connectionless, datagram service that provides an unreliable, best-effort delivery. ICMP - Internet Control Message Protocol enables systems on a TCP/IP network to share status and error information such as with the use of PING and TRACERT utilities. SMTP - Used to reliably send and receive mail over the Internet. FTP - ...
Read more

About myself

By -
With a track record of delivering innovative IT solutions and optimizing technology infrastructure, Prashant Shrivastava is the driving force behind the organization's digital transformation journey from 2007. Expertise in ERP Implementation: Prashant Shrivastava brings a wealth of experience in Enterprise Resource Planning (ERP) implementation, having successfully overseen multiple projects. ERP systems are vital for streamlining business processes, enhancing data visibility, and improving decision-making. He possesses a deep understanding of ERP modules, such as finance, human resources, supply chain, and customer relationship management, ensuring seamless integration across all departments. Infrastructure Administration and System Administration: As a Head of IT, Prashant Shrivastava has a strong foundation in both Infrastructure and System Administration. This expertise includes managing servers, networks, databases, and ensuring the overall stability and security of the IT env...
Read more