Thursday 27 August 2015

How to: Port Security in Cisco Switch

Switch#show port-security
Switch#conf t
Switch(config)#int f0/20
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security <┘
Switch(config-if)#switchport port-security ?
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address ?
Switch(config-if)#switchport port-security mac-address sticky ?
Switch(config-if)#switchport port-security mac-address sticky <┘
Switch(config-if)#switchport port-security ?
Switch(config-if)#switchport port-security maximum ?
Switch(config-if)#switchport port-security maximum 1 <┘
Switch(config-if)#switchport port-security violation ?
Switch(config-if)#switchport port-security violation shutdown <┘
Switch(config-if)#^Z



Port Security
· Remembers the Ethernet MAC address connected to the switch port
· Allows only that MAC address to communicate on that port
· If any other MAC address tries to communicate through the port, port security will disable the port.
Port Security violation modes
· Shutdown – The default is to shut down the port.
· Restrict – Alert the network administrator.
· Protect – Only allow traffic from the secure MAC address and drop packets from other MAC addresses.


Switch>en <┘
Switch#show version <┘
Switch#show port-security address <┘
Switch#conf t
Switch(config)#int f0/19
Switch(config-if)#switchport port-security ?
Switch(config-if)#switchport port-security <┘
Switch(config-if)#switchport mode access <┘
Switch(config-if)#switchport port-security <┘
Switch(config-if)#switchport port-security mac-address ?
Switch(config-if)#switchport port-security mac-address sticky ?
Switch(config-if)#switchport port-security mac-address sticky <┘
Switch(config-if)#switchport port-security ?
Switch(config-if)#switchport port-security maximum ?
Switch(config-if)#switchport port-security maximum 1 <┘
Switch(config-if)#switchport port-security violation ?
Switch(config-if)#switchport port-security violation shutdown <┘
Switch(config-if)#^Z

Switch#sh port
Switch#sh port-security ?
  address    Show secure address
  interface  Show secure interface
  |          Output modifiers
  <cr>
Switch#sh port-security add
Switch#sh port-security address ?
  <cr>
Switch#sh port-security address


                    Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports   Remaining Age
                                                         (mins)
----    -----------       ----                -----   -------------
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Switch#





Switch#sh port-security interface f0/19
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0

Switch#

Now remove the computer from port f0/19.
Switch#
%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down






Attach another computer.
Switch#
%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to up
Then, after some time, the port will automatically go down.


Switch#sh port-security interface f0/19
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0

Switch#


Switch#sh port-security address

Reconnect the old PC that was bound to the port previously.
Switch#
%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to down

%LINK-5-CHANGED: Interface FastEthernet0/19, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/19, changed state to up

Switch#show port-security int f0/19
(Port Status : Secure-up)


To disable port security:
Switch#conf t
Switch(config)#int f0/19
Switch(config-if)#no switchport port-security <┘
Switch(config-if)#^Z
Switch#sh port-security interface f0/19
(Port Security : Disabled)



Switch#show port-security address <┘
Switch#clear port-security ?
Switch#clear port-security all <┘
Switch#sh port-security address <┘

Switch#show mac-address-table <┘
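
The `show port-security interface` output shown earlier can be checked by script rather than by eye, which helps when auditing many ports. The following is an added example, not part of the original post: it parses that output and reports a port where port security is not actually enabled, a port shut down by a violation, and a MAC limit above policy. The function names `parse` and `audit`, the `expected_max` policy value, and the second sample (including its MAC address) are assumptions made for illustration.

```python
# Excerpt of the f0/19 output shown on this page.
PAGE_OUTPUT = """\
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""
# Constructed sample (not from the page): port shut down by a violation.
VIOLATION_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Last Source Address:Vlan   : 00D0.BA12.3456:1
Security Violation Count   : 1
"""

def parse(text):
    """Turn 'Field   : value' lines into a dict, splitting on the first ' : '."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(text, expected_max=1):
    """Return findings for one interface; expected_max is the assumed site policy."""
    fields, findings = parse(text), []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is shut down after a violation")
    count = int(fields.get("Security Violation Count", "0"))
    last = fields.get("Last Source Address:Vlan")
    if count > 0:
        findings.append(f"{count} violation(s), last source {last}")
    maximum = int(fields.get("Maximum MAC Addresses", "0"))
    if maximum > expected_max:
        findings.append(f"maximum MAC addresses {maximum} exceeds policy {expected_max}")
    return findings

if __name__ == "__main__":
    for name, out in (("page", PAGE_OUTPUT), ("constructed", VIOLATION_OUTPUT)):
        print(name, audit(out))
```

Run against the page's own f0/19 output, the audit reports that port security is not enabled on the interface even though the violation mode and maximum are set.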
