0 Bewertungen0% fanden dieses Dokument nützlich (0 Abstimmungen)
163 Ansichten2 Seiten
This document describes how to configure port security on a switch to limit access to ports and secure the network. It involves:
1) Enabling port security on Ethernet ports 1/0 and 1/2 and setting the maximum to 1 so only one device can access each port.
2) Securing the ports so the MAC address of devices are dynamically learned and added to the running configuration.
3) Setting violations to restrict ports rather than disable them when a violation occurs.
This document describes how to configure port security on a switch to limit access to ports and secure the network. It involves:
1) Enabling port security on Ethernet ports 1/0 and 1/2 and setting the maximum to 1 so only one device can access each port.
2) Securing the ports so the MAC address of devices are dynamically learned and added to the running configuration.
3) Setting violations to restrict ports rather than disable them when a violation occurs.
This document describes how to configure port security on a switch to limit access to ports and secure the network. It involves:
1) Enabling port security on Ethernet ports 1/0 and 1/2 and setting the maximum to 1 so only one device can access each port.
2) Securing the ports so the MAC address of devices are dynamically learned and added to the running configuration.
3) Setting violations to restrict ports rather than disable them when a violation occurs.
9 Packet Tracer - Configuring Switch Port Security
Objective! Part "! Configure Port Security Part 2! #erify Port Security Obervation! Part "! Configure Port Security - Acce the co$$an% &ine for S" an% enab&e 'ort ecurity on (at )thernet 'ort *+" an% *+2 uing the co$$an% interface range (at)thernet*+"-2. , et the $a-i$u$ to " o that on&y one %evice can acce the (at )thernet 'ort *+" an% *+2. - Secure the 'ort o that the .AC a%%re of a %evice i %yna$ica&&y &earne% an% a%%e% to the running configuration uing the fo&&owing co$$an%! witch'ort 'ort-ecurity witch'ort 'ort-ecurity $ac-a%%re ticky witch'ort 'ort-ecurity vio&ation retrict witch'ort 'ort-ecurity $ac-a%%re ticky - , et the vio&ation to witch'ort 'ort-ecurity vio&ation retrict o that the (at )thernet 'ort *+" an% *+2 are not %iab&e% when a vio&ation occur/ but 'acket are %ro''e% fro$ an unknown ource. - , %iab&e% a&& the re$aining unue% 'ort uing the co$$an% interface range (at)thernet*+0-24 an% interface range gigabitethernet"+"-2. Part 2! #erify Port Security - (ro$ PC"/ , 'ing PC2. - , verifie% 'ort ecurity if it i enab&e% an% the .AC a%%ree of PC" an% PC2 were a%%e% to the running configuration by uing the co$$an% how 'ort-ecurity int fa*+" an% how 'ort-ecurity int fa*+2. - , attache% the 1ogue 2a'to' to any unue% witch 'ort an% the &ink &ight beco$e re%. - , enab&e% the 'ort by uing the co$$an% int fa*+0/ no hut an% verifie% that 1ogue 2a'to' can 'ing PC" an% PC2. After verification/ , hut %own the 'ort connecte% to 1ogue 2a'to'. - 3iconnect PC2 an% connect 1ogue 2a'to' to PC24 'ort. 1ogue 2a'to' i unab&e to 'ing PC". - 3i'&ay the 'ort ecurity vio&ation for the 'ort 1ogue 2a'to' i connecte% to by uing the co$$an% how 'ort-ecurity int fa*+2. - , %iconnecte% 1ouge 2a'to' an% reconnect PC2. PC2 can 'ing PC". - 5hy i PC2 ab&e to 'ing PC"/ but the 1ouge 2a'to' i not6 Anwer! The &i$it for fa*+2 i et to "/ o 1ouge 2a'to' cannot be there any$ore. Conc&uion! A i$'&e $etho% that $any a%$initrator ue to he&' ecure the network fro$ unauthori7e% acce i to %iab&e a&& unue% 'ort on a witch. Navigate to each unue% 'ort an% iue the Cico ,OS hut%own co$$an%. ,f a 'ort &ater on nee% to be reactivate%/ it can be enab&e% with the no hut%own co$$an%. ,t i i$'&e to $ake configuration change to $u&ti'&e 'ort on a witch. ,f a range of 'ort $ut be configure%/ ue the interface range co$$an%. Sticky &earning i enab&e% on an interface by uing the witch'ort 'ort-ecurity $ac-a%%re ticky interface configuration $o%e co$$an%. 5hen ticky ecure .AC a%%ree are configure% by uing the witch'ort 'ort-ecurity $ac-a%%re ticky $ac-a%%re interface configuration $o%e co$$an%/ a&& 'ecifie% a%%ree are a%%e% to the a%%re tab&e an% the running configuration.