This blog is my personal opinion blog on Cisco networking studies. I will provide troubleshooting and configuration guides for Cisco switches, routers, ASA and Cisco WLC.

Friday 31 August 2018

Quick Cisco switch Port Security Configuration Step by Step

Cisco Port Security Quick Configuration

Overview

Hello, boys and girls, let's start our discussion of the Cisco port security feature. It is one of the key features that we do not really work on inside the network. Port security secures your inside network, so it should be applied on your layer 2 switches. In short, a switch port configured with port security is considered a secure port. Now let's quickly go into the configuration. This is a quick configuration article; if you want more detail, please visit the link below for reference.

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst4500/12-2/25ew/configuration/guide/conf/port_sec.html

Note

  • Port security can only be enabled on an access port, not on a port in dynamic mode (by default the port is dynamic, as shown in Pic-01).
    This means you first need to put the port in switchport access mode, and then you can apply port security to the required port. It is recommended that you apply port security as per your requirements.


    Cisco port-security (Pic-01)
    As per Pic-01, when we go into the interface and try to enable port security by entering the command "switchport port-security", the command is rejected because the port is not an access port.



    Cisco port-security (Pic-02)
    As shown in Pic-02, we have now entered the switchport mode access command, which puts the interface in access mode. Then we entered the port-security command to enable port security on the port. Now everything seems alright :)



    Cisco port-security (Pic-03)
    In Pic-03, we configure the port to learn only one MAC address at a time. Suppose we connect one laptop to the above port and the port learns one MAC address, and then we connect another laptop to the same port. The port will come up again, because we have allowed one MAC address at a time on the port. Note that with the above command the MAC address is not sticky (we will discuss this with Pic-04). Many of us think that by applying this command only one MAC address is ever allowed on the port, which is wrong. It is one MAC address at a time.


    Cisco port-security (Pic-04)
    In Pic-04, we have applied the sticky command to the port. After entering this command, the MAC address is sticky. Suppose we connect a laptop to the port and the port learns MAC address XYZ. The port is now sticky with MAC address XYZ, and no other laptop will be able to connect to this port.

    Cisco port-security (Pic-05)
    In Pic-05, after entering this command, if any violation occurs under the above configuration, the port automatically goes into shutdown mode. Assume the port is configured with the sticky command and laptop-1; if we now connect laptop-2 to the same port, a violation occurs and the port goes into shutdown mode. If we check with the show interface status command, the port shows as error-disabled. The link mentioned below explains why a port goes into error-disabled.



    Your port configuration is now done. Let me summarize the above commands in one go.
    Note: guys, again I would like to mention here, please configure your port security as per your needs.



    Port-Security (Pic-06)
    Pic-06 shows the basic recommended port security commands.



Port-Security (Pic-07)

In Pic-07, by entering this command we can check the details below, from left to right:

  • VLAN: The VLAN in which port security is enabled.
  • Mac Address: The MAC address learned on the port.
  • Type: The type keyword sets the aging type.
  • Ports: The port-security ports.




Cisco Port-Security (Pic-08)

In Pic-08, guys, this is a very useful command with respect to port security. By entering this command we can check the details below, from left to right:

  • Secure Port: The port on which port security is enabled.
  • MaxSecureAddr: The maximum limit allowed on the port to avoid violations.
  • CurrentAddr: The number of MAC addresses currently learned on the switch port.
  • Security Violation: How many violations have occurred on the port.
  • Security Action: The action taken once a violation occurs.




Cisco port-security (Pic-10)

Pic-10 shows a very useful command for getting port security information for an interface that has port security enabled.
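The steps above collected into one IOS session, as an added example (it is not the configuration from the original screenshots, which are not reproduced in the text). The interface name FastEthernet0/1 is an assumption, and the `show` commands are the standard IOS ones whose output matches the columns described for Pic-07, Pic-08 and Pic-10.

```cisco
! Added example; FastEthernet0/1 is an assumed interface name.
configure terminal
 interface FastEthernet0/1
  ! Port security is rejected while the port is dynamic (Pic-01),
  ! so force access mode first (Pic-02).
  switchport mode access
  ! Enable port security on the port.
  switchport port-security
  ! Allow one secure MAC address at a time (Pic-03).
  switchport port-security maximum 1
  ! Make the learned address sticky (Pic-04).
  switchport port-security mac-address sticky
  ! On a violation, put the port in err-disabled state (Pic-05).
  switchport port-security violation shutdown
 end
!
! Sticky addresses are written to the running configuration only.
! Save them so they survive a reload.
copy running-config startup-config
!
! Verification.
! Secure MAC address table: VLAN, Mac Address, Type, Ports.
show port-security address
! Per-port summary: MaxSecureAddr, CurrentAddr, violation count, action.
show port-security
! Full port security detail for one interface.
show port-security interface FastEthernet0/1
! A port shut down by a violation is listed as err-disabled here.
show interfaces status
!
! Recovery after a violation: remove the unauthorized device,
! then bounce the interface to clear the err-disabled state.
configure terminal
 interface FastEthernet0/1
  shutdown
  no shutdown
 end
```

A violation count that keeps rising in `show port-security` on the same port is worth investigating before the port is re-enabled.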




Hope this quick port security document is helpful for you. Please share this document with others. Sharing is caring.

Regards,

AQ Learning Center (Networks)