ergear.blogg.se

How to port security with dynamically learned mac addresses

Basically, port security is used to protect a LAN interface from an attacker. The attacker may be anyone inside the organization or outside it.

When you enable port security on an interface with the default configuration and do not configure a MAC address manually, the switch allows the first source MAC address. You can change the maximum number of MAC addresses allowed. A combination of manually configured and dynamically learned MAC addresses is also possible.

This lab will test your ability to configure port security on Cisco 2960 switch interfaces.

1. Configure port security on interface Fa 0/1 of the switch with the following settings :
2. Configure port security on interface Fa 0/2 of the switch with the following settings :
3. Configure port security on interface Fa 0/3 of the switch with the following settings :

Static mac address entry : 00E0.A3CE.3236

Solution

Interface FastEthernet 0/1 configuration - Restrict mode

The port-security restrict mode drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value, and causes the SecurityViolation counter to increment.

Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.

switchport port-security mac-address sticky
switchport port-security violation restrict

When the rogue laptop is connected to the hub and tries to communicate with 192.168.1.4, the number of MAC addresses learned on the FastEthernet 0/1 interface exceeds 3. The interface drops traffic from the new MAC address (which the switch does not learn, because 3 MAC addresses have already been registered on the fa0/1 interface) and increases the security violation counter, as the 'restrict' port-security configuration of the interface requires.

Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action

Interface FastEthernet 0/2 configuration - Shutdown mode (default)

The port-security shutdown mode puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

Interface FastEthernet 0/3 configuration - Protect mode

The port-security protect mode silently drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.
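The three violation modes and sticky learning described above, as an added Python model that is not part of the original page and is not Cisco's implementation. The class and function names and all MAC addresses are constructed for illustration, and the model assumes that shutdown mode also increments the violation counter.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one switch port with port security enabled (hypothetical names)."""
    maximum: int = 1              # default: only the first source MAC is allowed
    violation: str = "shutdown"   # "shutdown" (default), "restrict" or "protect"
    sticky: bool = False
    static: set = field(default_factory=set)    # manually configured addresses
    learned: set = field(default_factory=set)   # dynamically learned addresses
    violations: int = 0           # models the SecurityViolation counter
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        if self.err_disabled:
            return "drop"                       # port is down until re-enabled
        if src_mac in self.static or src_mac in self.learned:
            return "forward"
        if len(self.static) + len(self.learned) < self.maximum:
            self.learned.add(src_mac)           # room left in the table: learn it
            return "forward"
        # Unknown source and the table is full: apply the violation mode.
        if self.violation != "protect":         # protect drops silently, no count
            self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True            # assumption: counter also increments
        return "drop"

    def link_down(self) -> None:
        """Sticky entries survive a link-down; plain dynamic entries are cleared."""
        if not self.sticky:
            self.learned.clear()

def rogue_on_hub(mode: str) -> SecurePort:
    """Fa0/1 scenario: maximum 3, sticky, three hosts on a hub, then a rogue laptop."""
    port = SecurePort(maximum=3, violation=mode, sticky=True)
    for mac in ("0000.0000.000a", "0000.0000.000b", "0000.0000.000c"):  # constructed
        port.receive(mac)
    port.receive("0000.0000.00ff")              # constructed rogue MAC, 4th address
    return port

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        p = rogue_on_hub(mode)
        # Legitimate hosts keep working in protect/restrict, not after shutdown.
        print(mode, p.violations, p.err_disabled, p.receive("0000.0000.000a"))
```

The difference that matters operationally shows in the last column: after a violation in shutdown mode the legitimate hosts on the port are dropped as well, while protect leaves no counter to alert on.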












