Port Security Configuration on a Cisco Switch Using Packet Tracer

Posted: February 27, 2017 in CCNA

When you work as a network engineer or network administrator, one of the main problems you face is the security of the switch. We can protect the switch by enabling password and console password protection, but the main problem comes when we think about Cisco switch ports, which are open to all. When we want full control over who can and cannot access a switch port, we need to configure switch port security. Switch port security is a feature available on Cisco switches that lets us control and secure switch ports.

In the scenario below, I am going to configure a Cisco switch so that ports fa0/1 and fa0/2 can each be connected only to a specific PC with a specific MAC address.

 

We will bind each switch port to a PC MAC address.

You can see the MAC addresses of PC0 and PC1 in the image below.

[Image: port security]

 

Now view the MAC address of both PCs using the ipconfig command:

[Image: switch port]

 

Now I am going to bind the switch ports to the MAC addresses.

First I will bind the PC0 MAC address to interface Fa0/1:

 

Switch>enable

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int fa0/1

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security mac-address 00E0.B026.3E23

Switch(config-if)#switchport port-security maximum 1

Switch(config-if)#switchport port-security violation shutdown

Switch(config-if)#

 

 

Now I will bind the PC1 MAC address to interface Fa0/2:

 

Switch>enable

Switch#config t

Enter configuration commands, one per line. End with CNTL/Z.

Switch(config)#int fa0/2

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security mac-address 0060.47AE.E80B

Switch(config-if)#switchport port-security maximum 1

Switch(config-if)#switchport port-security violation shutdown

Switch(config-if)#

Now check the MAC addresses associated with the interfaces:

 

Switch#show port-security address

Secure Mac Address Table

-------------------------------------------------------------------------------

Vlan  Mac Address     Type              Ports            Remaining Age
                                                         (mins)
----  -----------     ----              -----            -------------
1     00E0.B026.3E23  SecureConfigured  FastEthernet0/1  -
1     0060.47AE.E80B  SecureConfigured  FastEthernet0/2  -

------------------------------------------------------------------------------

Total Addresses in System (excluding one mac per port) : 0

Max Addresses limit in System (excluding one mac per port) : 1024

Switch#


Now view the port security settings of interface Fa0/1:

 

Switch#show port-security int fa0/1

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1

Sticky MAC Addresses : 0

Last Source Address:Vlan : 0000.0000.0000:0

Security Violation Count : 0

Switch#

 

 

Now view the port security settings of interface Fa0/2:

 

Switch#show port-security int fa0/2

Port Security : Enabled

Port Status : Secure-up

Violation Mode : Shutdown

Aging Time : 0 mins

Aging Type : Absolute

SecureStatic Address Aging : Disabled

Maximum MAC Addresses : 1

Total MAC Addresses : 1

Configured MAC Addresses : 1

Sticky MAC Addresses : 0

Last Source Address:Vlan : 0000.0000.0000:0

Security Violation Count : 0

Switch#

 

 

Now, if any other PC is connected to these interfaces, the switch will detect its MAC address and, because this violates the rule, shut down the port.
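
As an added example (not part of the original post), this Python check parses show port-security interface output in the format shown above and reports a port that deviates from the settings configured here or has recorded a violation. The function names are hypothetical, the page output is abridged, and the violated sample with its MAC address is constructed.

```python
import re

# Baseline from the configuration on this page.
BASELINE = {"Port Security": "Enabled", "Violation Mode": "Shutdown",
            "Maximum MAC Addresses": "1"}

def parse_port_security(text):
    """Parse 'Field : value' lines of `show port-security interface` into a dict."""
    fields = {}
    for line in text.splitlines():
        # Require spaces around the separator: 'Last Source Address:Vlan'
        # and its value both contain colons of their own.
        m = re.match(r"^\s*(.+?)\s+:\s+(.+?)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(text):
    """Return findings; an empty list means the port matches the baseline."""
    f = parse_port_security(text)
    findings = [f"{k}: expected {v}, found {f.get(k, 'missing')}"
                for k, v in BASELINE.items() if f.get(k) != v]
    if f.get("Port Status") == "Secure-shutdown":
        findings.append("port shut down by violation, last source "
                        + f.get("Last Source Address:Vlan", "unknown"))
    if int(f.get("Security Violation Count", "0")) > 0:
        findings.append("violation count " + f["Security Violation Count"])
    return findings

# Output for Fa0/1 as shown on this page (abridged).
PAGE_OUTPUT = """Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0"""

# Constructed sample: the same port after an unknown device was plugged in.
VIOLATED = (PAGE_OUTPUT.replace("Secure-up", "Secure-shutdown")
            .replace("0000.0000.0000:0", "00AA.BBCC.DDEE:1")
            .replace("Violation Count : 0", "Violation Count : 1"))

if __name__ == "__main__":
    for name, out in (("Fa0/1 (page)", PAGE_OUTPUT), ("Fa0/1 (constructed)", VIOLATED)):
        print(name, audit(out) or "OK")
```
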