Lab: port security

As per the diagram, the topology consists of three users connected to the FastEthernet 0/12 switchport via a hub. So logically, three MAC addresses are connected to the switchport.

The lab objective is to allow only PC0, that is, MAC address 00E0.B04D.2789:

Configuring port security:

  1. Enable port security on the FastEthernet 0/12 interface:

     Switch(config)#interface FastEthernet 0/12
     Switch(config-if)#switchport mode access
     Switch(config-if)#switchport port-security

  2. Set the maximum number of users (MAC addresses) allowed on the port. Since we want to allow only one user, we set the value to 1:

     Switch(config-if)#switchport port-security maximum 1

  3. Specify the user's MAC address explicitly, if required. By default, the switchport uses a method called sticky, which associates whichever MAC address appears on the port as the trusted user. Here we want to associate a specific user, so we explicitly specify the MAC address:

     Switch(config-if)#switchport port-security mac-address 00E0.B04D.2789

  4. Set the violation mode, which defines how the switch reacts when it receives a frame from an unauthorized MAC address on the port:

     Switch(config-if)#switchport port-security violation shutdown
  5. Verify the port security configuration:

     Switch#show port-security

     Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
     ---------------------------------------------------------------------------
          Fa0/12              1            1                  0         Shutdown
     ---------------------------------------------------------------------------

     This verifies that port security has been configured on FastEthernet 0/12.

  6. Generate some bad traffic, that is, try to use the port from another MAC address:

     We initiate an ICMP echo request to the server from PC1, which is now the unauthorized user:

     The packets have been dropped. Let's confirm that port security is what took this action:

     Switch#show port-security

     Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
     ---------------------------------------------------------------------------
          Fa0/12              1            1                  1         Shutdown

     From the output we can see that the security violation count has incremented from 0 to 1, which confirms that port security caused the packet to be dropped and the port to be error-disabled.
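As an added example (not part of the lab's own material), the following Python parses the `show port-security` summary table shown above and reports every port whose violation counter has gone up between two snapshots, which is the comparison the lab does by eye and a defender would want to automate. The two sample outputs are constructed to match the lab's before and after states.

```python
import re
from dataclasses import dataclass
from typing import Dict

# Constructed samples: `show port-security` output before and after
# PC1's unauthorized ping, laid out as the lab's switch prints it.
BEFORE = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
---------------------------------------------------------------------------
     Fa0/12              1            1                  0         Shutdown
---------------------------------------------------------------------------
"""
AFTER = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
---------------------------------------------------------------------------
     Fa0/12              1            1                  1         Shutdown
---------------------------------------------------------------------------
"""


@dataclass
class PortSecurityEntry:
    port: str
    max_addr: int
    current_addr: int
    violations: int
    action: str


# One data row: interface, three integer counters, then the action keyword.
# Header, "(Count)" and dashed-line rows contain no digit triple, so they skip.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\S+)\s*$")


def parse_port_security(output: str) -> Dict[str, PortSecurityEntry]:
    """Parse the summary table into a dict keyed by interface name."""
    entries: Dict[str, PortSecurityEntry] = {}
    for line in output.splitlines():
        m = ROW.match(line)
        if m:
            port, mx, cur, viol, action = m.groups()
            entries[port] = PortSecurityEntry(port, int(mx), int(cur), int(viol), action)
    return entries


def new_violations(before: str, after: str) -> Dict[str, int]:
    """Ports whose SecurityViolation counter rose between the two snapshots."""
    b, a = parse_port_security(before), parse_port_security(after)
    return {p: a[p].violations - b[p].violations
            for p in a if p in b and a[p].violations > b[p].violations}
```

Feeding the two snapshots to `new_violations` returns `{"Fa0/12": 1}`, the same increment the lab reads off the second table; on a real switch the snapshots would come from periodic CLI or SNMP polls.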
