Port Security

Port Security: Introduction

Port security is a feature of Cisco switches. With port security we can limit the number of hosts that may connect to a port on the switch and determine which hosts are allowed to connect to the switch.

Configuring port security comes down to registering which MAC addresses are allowed to connect through a port. Port security then drops the packets from, or blocks, any host whose MAC address does not match the configuration on that port.

Port Security: Advantages

• Specify the group of end devices that may access a particular port on a switch.
• Determine the action the switch takes when a MAC address that is not allowed is detected on the port.
Port Security: Configuration (Registering MAC Addresses)

• Static: We manually specify the MAC address of the PC that is allowed to access an interface port. With the static method the MAC address of the PC is stored in the running-config, so it does not disappear when the switch is turned off, and the MAC address of the PC is also placed in the MAC address table.
• Dynamic: The switch automatically learns the MAC address of the first PC connected to the interface port. The weakness of this method is that the learned MAC address disappears when the switch is turned off.
• Sticky: This combines static and dynamic. The switch automatically learns the MAC address of the PC and enters it both in the MAC address table and in the running-config, so that when the switch is turned off and on again the MAC address of the registered PC is not lost.

Port Security: Violation Mode

• Protect: frames from unknown source MAC addresses are dropped; the violation counter is not incremented.
• Restrict: frames from unknown source MAC addresses are dropped; the switch raises a security notification and the violation counter increments.
• Shutdown (default mode): the interface is placed in the error-disabled state and the port LED turns off. The violation counter increments. Issue the shutdown command and then the no shutdown command on the interface to bring it out of the error-disabled state.
Port Security: Configuration Step

• Determine which port on the switch is to be given the port security function.
• Set the port type to access or trunk; it cannot be left in dynamic mode.
• Activate the port security function on that port.
• Register the MAC addresses of the permitted end devices.
• Determine the penalty (violation mode) for end devices that are not registered.
Port Security: Configuring
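The configuration steps, registration modes and violation modes described above, carried through as one complete IOS session. This is an added example, not a screenshot from the original slides; the interface name, VLAN number and MAC address are assumed values.

```cisco
! Constructed example session: interface, VLAN and MAC address are assumed.
Switch# configure terminal
Switch(config)# interface GigabitEthernet0/1
! Port security cannot be enabled while the port is in dynamic (DTP) mode,
! so pin the port type first.
Switch(config-if)# switchport mode access
Switch(config-if)# switchport access vlan 10
! Step 3: activate port security on the port.
Switch(config-if)# switchport port-security
! Step 4: allow at most two addresses, one registered statically and one
! learned sticky.
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address 0011.2233.4455
Switch(config-if)# switchport port-security mac-address sticky
! Step 5: restrict keeps the port up, raises a notification and counts the
! violation; shutdown (the default) would err-disable the port instead.
Switch(config-if)# switchport port-security violation restrict
Switch(config-if)# exit
! Optional: let a port that was err-disabled by a violation recover after
! 300 seconds instead of requiring a manual shutdown / no shutdown.
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 300
Switch(config)# end
! Static and sticky addresses are held in the running-config; save it so
! they survive a reload.
Switch# copy running-config startup-config
! Verify the maximum, the learned sticky count and the violation counter.
Switch# show port-security interface GigabitEthernet0/1
Switch# show port-security address
```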

Port Security: Configuring (Cont.)

Port Security: Verifying

Use the show port-security interface command to verify the maximum number of MAC addresses allowed on a particular port and how many of those addresses were learned dynamically using sticky.

TABLE OF COMMANDS

Step 1  configure terminal
        Enter global configuration mode.
Step 2  interface interface-id
        Enter interface configuration mode for the port you want to secure.
Step 3  switchport port-security
        Enable basic port security on the interface.
Step 4  switchport port-security maximum max_addrs
        Set the maximum number of MAC addresses that is allowed on this interface.
Step 5  switchport port-security violation {shutdown | restrict | protect}
        Set the security violation mode for the interface. The default is shutdown.
Step 6  end
        Return to privileged EXEC mode.
Step 7  show port-security [interface interface-id | address]
        Verify the entry.

For the mode in Step 5, select one of these keywords:

• shutdown: the interface is shut down immediately following a security violation.
• restrict: a security violation sends a trap to the network management station.
• protect: when the port secure addresses reach the allowed limit on the port, all packets with unknown addresses are dropped.
Disabling Port Security

Step 1  configure terminal
        Enter global configuration mode.
Step 2  interface interface-id
        Enter interface configuration mode for the port that you want to unsecure.
Step 3  no switchport port-security
        Disable port security.
Step 4  end
        Return to privileged EXEC mode.
Step 5  show port-security [interface interface-id | address]
        Verify the entry.
