When you are working as a Network Engineer or Network Administrator, the main problem you face is the security of the switch. We can protect the switch by enabling an enable password and console password protection, but the real problem arises when we think about the Cisco switch ports, which are open to anyone who plugs in. When we want full control over which hosts can access a switch port and which cannot, we need to configure switch port security. Port security is a feature available on Cisco switches that provides a way to control and secure switch ports.
In the scenario below, I am going to configure a Cisco switch so that port Fa0/1 and port Fa0/2 can only be used by a specific PC with a specific MAC address.
We will bind each switch port to the MAC address of its PC.
You can see the MAC addresses of PC0 and PC1 in the image below.
Now check the MAC address of each PC using the ipconfig command:
Now I am going to bind the switch ports to the MAC addresses.
First I will bind the MAC address of PC0 to interface Fa0/1:
Switch>enable
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fa0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 00E0.B026.3E23
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#
Now I will bind the MAC address of PC1 to interface Fa0/2:
Switch>enable
Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#int fa0/2
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 0060.47AE.E80B
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#
Now check the MAC addresses associated with the interfaces:
Switch#show port-security address
          Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    00E0.B026.3E23    SecureConfigured              FastEthernet0/1        -
   1    0060.47AE.E80B    SecureConfigured              FastEthernet0/2        -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Switch#
Now see the port security settings of interface Fa0/1:
Switch#show port-security int fa0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
Switch#
Now see the port security settings of interface Fa0/2:
Switch#show port-security int fa0/2
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
Switch#
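Checking two ports by eye is fine in a lab; on a real access switch you want the same check done for every port, every day. The script below is an added example, not code from the original tutorial: it parses the text of the two verification commands used above (show port-security address and show port-security interface), compares the secure MAC on each port with the intended binding, and reports any violation or err-disabled port. The sample outputs are constructed: two copy the tutorial's values, and the third is a made-up case where a different host was plugged into Fa0/2 and the shutdown violation mode fired. The EXPECTED_BINDINGS inventory and all function names are the example's own.

```python
"""Audit Cisco port-security state against an intended port-to-MAC inventory.
Added example; parses `show port-security address` and
`show port-security interface` text, nothing is sent to a switch."""
import re

# Intended bindings from the tutorial. Keys are the long interface names,
# which is how `show port-security address` prints them.
EXPECTED_BINDINGS = {
    "FastEthernet0/1": "00E0.B026.3E23",
    "FastEthernet0/2": "0060.47AE.E80B",
}

# One secure-table row: Vlan, MAC, Type, Port, optional Remaining Age.
SECURE_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9A-Fa-f.:-]{12,17})\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")


def normalize_mac(mac):
    """12 upper-case hex digits, so Cisco, colon and dash notations compare equal."""
    digits = re.sub(r"[^0-9A-Fa-f]", "", mac)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits.upper()


def parse_secure_address_table(text):
    """{port: {vlan, mac, type}} from `show port-security address`.
    Header, separator and summary lines never start with a VLAN number,
    so the row regex skips them."""
    table = {}
    for line in text.splitlines():
        m = SECURE_ROW.match(line)
        if m:
            vlan, mac, addr_type, port, _age = m.groups()
            table[port] = {"vlan": int(vlan), "mac": normalize_mac(mac),
                           "type": addr_type}
    return table


def parse_interface_status(text):
    """Key/value dict from the `Key : Value` lines of `show port-security
    interface`. Splitting on the first ' : ' keeps 'Last Source Address:Vlan'
    and values like '0000.0000.0000:0' intact."""
    status = {}
    for line in text.splitlines():
        if " : " in line:
            key, _, value = line.partition(" : ")
            status[key.strip()] = value.strip()
    return status


def audit_port(port, expected_mac, table, status):
    """Findings for one port; an empty list means the port is bound to the
    expected MAC, armed with violation shutdown, and has never tripped."""
    findings = []
    entry = table.get(port)
    if entry is None:
        findings.append(f"{port}: no secure MAC address on the port")
    elif entry["mac"] != normalize_mac(expected_mac):
        findings.append(f"{port}: secure MAC {entry['mac']} is not the "
                        f"expected {normalize_mac(expected_mac)}")
    if status.get("Port Security") != "Enabled":
        findings.append(f"{port}: port security is not enabled")
    if status.get("Violation Mode") != "Shutdown":
        findings.append(f"{port}: violation mode is not Shutdown")
    if int(status.get("Maximum MAC Addresses", "0")) != 1:
        findings.append(f"{port}: more than one MAC address allowed")
    violations = int(status.get("Security Violation Count", "0"))
    if violations:
        findings.append(f"{port}: {violations} violation(s); last source "
                        f"{status.get('Last Source Address:Vlan', 'unknown')}")
    if status.get("Port Status", "").lower() == "secure-shutdown":
        findings.append(f"{port}: err-disabled; needs shutdown/no shutdown "
                        "or errdisable recovery to come back up")
    return findings


def audit_switch(show_address, interface_outputs):
    """Audit every intended port. interface_outputs maps a long interface
    name to its `show port-security interface` text."""
    table = parse_secure_address_table(show_address)
    return {port: audit_port(port, mac, table,
                             parse_interface_status(interface_outputs.get(port, "")))
            for port, mac in EXPECTED_BINDINGS.items()}


# Constructed sample output, values taken from the tutorial's show commands.
SHOW_ADDRESS = """\
          Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                   (mins)
----    -----------       ----                          -----   -------------
   1    00E0.B026.3E23    SecureConfigured              FastEthernet0/1        -
   1    0060.47AE.E80B    SecureConfigured              FastEthernet0/2        -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
"""
SHOW_INT_FA0_1 = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""
# Constructed: an unknown host (made-up MAC) was plugged into Fa0/2.
SHOW_INT_FA0_2_VIOLATION = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Last Source Address:Vlan   : 000C.29AB.CDEF:1
Security Violation Count   : 1
"""

if __name__ == "__main__":
    report = audit_switch(SHOW_ADDRESS, {"FastEthernet0/1": SHOW_INT_FA0_1,
                                         "FastEthernet0/2": SHOW_INT_FA0_2_VIOLATION})
    for port, findings in report.items():
        print(port, "OK" if not findings else "")
        for f in findings:
            print("  ", f)
```

Feed it the raw text of the two show commands collected from each switch and treat any non-empty findings list as an alert. Note what the constructed Fa0/2 case shows: with violation shutdown, the offending frame is logged as the Last Source Address and the port goes to Secure-shutdown (err-disabled), so the legitimate PC stays offline until an administrator does shutdown / no shutdown on the interface or errdisable recovery is configured. The script flags exactly that state so the recovery step is not forgotten.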