

By default, all interfaces on a Cisco switch are turned on. That means that an attacker could connect to your network through a wall socket and potentially threaten your network. If you know which devices will be connected to which ports, you can use the Cisco security feature called port security. By using port security, a network administrator can associate specific MAC addresses with the interface, which prevents an attacker from connecting his own device. This way you can restrict access to an interface so that only the authorized devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for example discarding the traffic and shutting down the port.

For example, a switchport can be configured to allow only a single MAC address to be learned at a time and not permit hosts other than the one initially learned; the only way to change the host that connects to the switchport is to disable switchport security and re-enable it, to delete the learned MAC address from the table directly, or to wait.

To configure port security, three steps are required:

1. define the interface as an access interface by using the switchport mode access interface subcommand
2. enable port security by using the switchport port-security interface subcommand
3. define which MAC addresses are allowed to send frames through this interface by using the switchport port-security mac-address MAC_ADDRESS interface subcommand, or use the switchport port-security mac-address sticky interface subcommand to dynamically learn the MAC address of the currently connected host

Two further steps are optional:

1. define what action the switch will take when receiving a frame from an unauthorized device by using the switchport port-security violation interface subcommand. All three options (protect, restrict and shutdown) discard the traffic from the unauthorized device. The restrict and shutdown options also send a log message when a violation occurs. Shutdown mode additionally shuts down the port.
2. define the maximum number of MAC addresses that can be used on the port by using the switchport port-security maximum NUMBER interface subcommand

The following example shows the configuration of port security on a Cisco switch.

First, we need to enable port security and define which MAC addresses are allowed to send frames:

Next, by using the show port-security interface fa0/1 command we can see that the switch has learned the MAC address of host A:

By default, the maximum number of allowed MAC addresses is one, so if we connect another host to the same port, a security violation will occur:

The status code of err-disabled means that a security violation occurred on the port.
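As an added example (not the article's own configuration), the required and optional steps above applied on a Cisco IOS switch, together with the verification and recovery commands a practitioner needs once a port has gone err-disabled. The interface names and the MAC address 0011.2233.4455 are constructed placeholders; replace them with the real port and the real address of host A.

```cisco
! Added example, not the article's configuration. Values are placeholders.
configure terminal
!
! Required steps 1-3: access mode, enable port security, allow one known MAC
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0011.2233.4455
 !
 ! Optional steps: one address only, and err-disable the port on a violation
 ! (shutdown is the default mode; restrict would keep the port up, log and drop)
 switchport port-security maximum 1
 switchport port-security violation shutdown
 exit
!
! Alternative to a static address: learn the first host seen and write it into
! the running config, so a different host on the same socket is a violation
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 exit
!
! Optional: bring err-disabled ports back automatically after 5 minutes
! (the default is to leave the port down until "shutdown" / "no shutdown")
errdisable recovery cause psecure-violation
errdisable recovery interval 300
end
!
! Verification: "Port Status : Secure-shutdown" and a non-zero
! "Security Violation Count" indicate the violation described above
show port-security interface FastEthernet0/1
show port-security address
!
! To replace the host on a sticky port, delete the learned address first
clear port-security sticky interface FastEthernet0/2
```

Save with copy running-config startup-config afterwards, otherwise sticky addresses learned on FastEthernet0/2 are lost at the next reload.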
