Port Security | Lab Configuration


Port Security

Port security helps secure the network by preventing unknown devices from forwarding packets through a switch port. With port security, an administrator can limit the number of MAC addresses that can be learned on a port and define static or dynamic (sticky) MAC addresses.

    Ports:- Entry and exit point.
    |
    Two types of port
        |
        1.) Logical Ports (Software/Service/Protocol)
        2.) Physical Ports (Hardware - PS2, COM, LPT, USB)

    Number of logical ports -> 0-65535
    Number of physical ports -> 10-12
    Reserved (well-known) ports -> 0-1023
    Free ports -> 1024-65535
    Example:-
    FTP - 21        POP3 - 110
    SMTP - 25       IMAP4 - 143
    HTTP - 80       TELNET - 23
    DNS - 53        TFTP - 69
    HTTPS - 443

    Note  - Port Security works only on 2950 or higher switches.

    Four port-security settings

    1.) MAC Address (Sticky (dynamic) & Static)

    2.) Maximum (number of MAC addresses allowed on the port)

    3.) Aging (a learned MAC is kept for a limited time period)

    4.) Violation
        |
        The violation setting has three modes:

           1.) Protect (a.) Deny Access)

           2.) Restrict (a.) Deny Access, b.) SNMP Notification)

           3.) Shutdown (a.) Deny Access, b.) SNMP Notification, c.) Shut the port down)

    1.) Protect
    In this mode, frames from unauthorized MAC addresses are discarded, but the port remains enabled.
    No Syslog message is generated.
    The violation counter is not incremented.

    2.) Restrict
    In this mode, the packet is discarded, but the port remains enabled.
    A Syslog message is generated every time an unauthorized MAC is detected.
    The violation counter is incremented by 1 for each violation.

    3.) Shutdown
    In this mode, the port is shut down (placed in the err-disabled state) and forwards nothing until it is re-enabled.
    A Syslog message is generated when the interface is disabled.
    The violation counter is set to 1 when the interface is disabled.
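To make the difference between the three violation modes concrete, here is an added example (not part of the lab notes and not Cisco code): a small Python model of a port-security port that enforces a maximum, learns sticky entries, honours static entries, and applies protect, restrict or shutdown when an unknown source MAC shows up once the table is full. The class and function names, the interface name and the five sample frames are all constructed for the illustration.

```python
# Added example, not part of the lab notes: a model of a port-security port
# showing how "maximum", sticky learning, static entries and the three
# violation modes behave. Names and the sample frames are constructed.
from dataclasses import dataclass, field

PROTECT, RESTRICT, SHUTDOWN = "protect", "restrict", "shutdown"


@dataclass
class SecurePort:
    name: str
    maximum: int = 1                 # switchport port-security maximum N
    violation: str = SHUTDOWN        # switchport port-security violation ...
    sticky: bool = False             # switchport port-security mac-address sticky
    static: set = field(default_factory=set)   # statically configured MACs
    learned: set = field(default_factory=set)  # dynamically / sticky learned MACs
    status: str = "secure-up"        # becomes "secure-shutdown" (err-disabled)
    violation_count: int = 0
    syslog: list = field(default_factory=list)
    results: list = field(default_factory=list)

    def secure_macs(self) -> set:
        # static and learned entries together count against the maximum
        return self.static | self.learned

    def receive(self, src_mac: str) -> str:
        """Return 'forward' or 'drop' for a frame arriving with src_mac."""
        if self.status == "secure-shutdown":
            return "drop"            # err-disabled port passes nothing until reset
        if src_mac in self.secure_macs():
            return "forward"         # known secure address
        if len(self.secure_macs()) < self.maximum:
            self.learned.add(src_mac)            # room left: learn the address
            if self.sticky:
                self.syslog.append(f"{self.name}: sticky entry added {src_mac}")
            return "forward"
        return self._violation(src_mac)          # table full, unknown source

    def _violation(self, src_mac: str) -> str:
        if self.violation == PROTECT:
            return "drop"            # silent: no log, counter untouched
        if self.violation == RESTRICT:
            self.violation_count += 1            # counts every offending frame
            self.syslog.append(f"{self.name}: violation by {src_mac}, port stays up")
            return "drop"
        # SHUTDOWN: port is err-disabled, counter set to 1, one log message
        self.status = "secure-shutdown"
        self.violation_count = 1
        self.syslog.append(f"{self.name}: violation by {src_mac}, port err-disabled")
        return "drop"


# Constructed traffic: two legitimate hosts, then a third unknown source,
# then the first host again (shows whether the port is still forwarding).
FRAMES = ["0011.2233.4455", "0011.2233.4455", "aabb.ccdd.eeff",
          "dead.beef.0001", "0011.2233.4455"]


def run(mode: str) -> SecurePort:
    """Replay FRAMES through a maximum-2 sticky port in the given violation mode."""
    port = SecurePort("fa0/1", maximum=2, violation=mode, sticky=True)
    port.results = [port.receive(m) for m in FRAMES]
    return port


if __name__ == "__main__":
    for mode in (PROTECT, RESTRICT, SHUTDOWN):
        p = run(mode)
        print(f"{mode:9s} {p.results} status={p.status} count={p.violation_count}")
```

Running it shows the practical trade-off: protect and restrict keep the legitimate hosts working and only differ in whether the violation is visible (log entry and counter), while shutdown cuts off the legitimate hosts too until the port is recovered from err-disabled.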


 Port security Configuration on Cisco Switch –
Applying port security on the fa0/1 interface of the switch. First set the port to static access mode (port security cannot be enabled on a port whose mode is negotiated dynamically), then enable port security.

======================================
Tosif(config)#int fa0/1
Tosif(config-if)#switchport mode access
Tosif(config-if)#switchport port-security
======================================

 Port Security Lab Configuration –
Use the "sticky" keyword so that the switch learns the MAC addresses dynamically and adds them to the running configuration; then set the limit (maximum 2 addresses) and the action to take on a violation (shutdown).

======================================
Tosif(config)#int fa0/1
Tosif(config-if)#switchport mode access
Tosif(config-if)#switchport port-security
Tosif(config-if)#switchport port-security mac-address sticky
Tosif(config-if)#switchport port-security maximum 2
Tosif(config-if)#switchport port-security violation shutdown
======================================


If a static entry is wanted instead, configure it by specifying the MAC address explicitly. IOS expects the dotted H.H.H format (aabb.ccdd.eeff below is a placeholder); with the default maximum of 1, that address is the only one allowed on the port.

======================================
Tosif(config)#int fa0/1
Tosif(config-if)#switchport mode access
Tosif(config-if)#switchport port-security
Tosif(config-if)#switchport port-security violation shutdown
Tosif(config-if)#switchport port-security mac-address aabb.ccdd.eeff
======================================
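After applying either configuration, the state of the port is verified with "show port-security interface fa0/1". The following is an added example (not part of the lab notes and not Cisco code): a Python parser for that output plus a small audit that flags the things a reviewer would want to see, such as a port sitting in err-disabled state, a non-zero violation counter, protect mode (which hides violations), and sticky entries that are lost on reload unless the running configuration is saved. The sample output is constructed in the layout IOS prints; the addresses, counters and status values are made up.

```python
# Added example, not part of the lab notes: parse the output of
# "show port-security interface <name>" and flag what a reviewer would check.
# SAMPLE_OUTPUT is constructed in the IOS layout; its values are made up.

SAMPLE_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : dead.beef.0001:1
Security Violation Count   : 1
"""


def parse_port_security(text: str) -> dict:
    """Split 'Key : Value' lines into a dict; keys themselves may contain ':'."""
    fields = {}
    for line in text.splitlines():
        if " : " not in line:
            continue                         # skip blank or unrelated lines
        key, value = line.split(" : ", 1)    # only the padded ' : ' separates
        fields[key.strip()] = value.strip()
    return fields


def audit(fields: dict) -> list:
    """Return human-readable findings for one interface."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port-security is not enabled on this interface")
        return findings
    if fields.get("Violation Mode", "").lower() == "protect":
        findings.append("violation mode is protect: offending frames are dropped "
                        "silently, no syslog/SNMP and the counter is not incremented")
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        findings.append("port is err-disabled after a violation; last source was "
                        + fields.get("Last Source Address:Vlan", "unknown"))
    if int(fields.get("Security Violation Count", "0")) > 0:
        findings.append("violation count is " + fields["Security Violation Count"])
    if int(fields.get("Sticky MAC Addresses", "0")) > 0:
        findings.append("sticky addresses present; they are written to the running "
                        "config only, so save it (copy run start) to keep them")
    return findings


def audit_text(text: str) -> list:
    """Convenience wrapper: parse raw show output and audit it."""
    return audit(parse_port_security(text))


if __name__ == "__main__":
    for finding in audit_text(SAMPLE_OUTPUT):
        print("-", finding)
```

Feeding the output of several interfaces through audit_text in a loop gives a quick post-lab check that every access port is really secured, with a violation mode that logs, and that sticky entries have been saved.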
