Switch Port Security - Part 2 (Packet Tracer Port Security Configuration Example) - www.ipcisco.com

Switch Port Security Configuration with Packet Tracer





In this article, we focus on a detailed Port Security configuration. We will use the topology below and work through an example for each Port Security configuration case.

You can DOWNLOAD the Packet Tracer example with .pkt format HERE.

[Figure: Switch Port Security Topology]


Here we will use four scenarios on four switch ports. The Port Security configuration for each scenario is given below:

Port 1 (FastEthernet 0/1)
– max MAC 2
– 1 static MAC (PC1)
– 1 dynamic MAC (PC2)
– 1 violation (PC3)
– violation type shutdown

Switch(config)#inter fastEthernet 0/1
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address 00E0.B085.4951
Switch(config-if)#switchport port-security mac-address 0003.e445.1485
Switch(config-if)#switchport port-security violation shutdown

Port 2 (FastEthernet 0/2)
– max MAC 2
– 2 dynamic MAC (PC6,PC7)
– 1 violation (PC8)
– violation type restrict

Switch(config)#interface fastEthernet 0/2
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport port-security 
Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#switchport port-security mac-address sticky 
Switch(config-if)#switchport port-security violation restrict

Port 3 (FastEthernet 0/3)
– max MAC 1
– 1 static MAC (PC4)
– 2 violations (PC4,PC5)
– violation type shutdown

Switch(config)#interface fastEthernet 0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address 1111.1111.1111
Switch(config-if)#switchport port-security violation shutdown

Port 4 (FastEthernet 0/4)
– max MAC 1
– 1 dynamic MAC (PC10)
– 1 violation (PC9)
– violation type protect

Switch(config)#inter fastEthernet 0/4
Switch(config-if)#switchport mode access 
Switch(config-if)#switchport port-security 
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address sticky 
Switch(config-if)#switchport port-security violation protect 
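
An added example, not part of the original article: a small Python check that reads interface stanzas like the ones above and flags ports where port-security sub-commands are present but the feature is not enabled, where more secure addresses are listed than the maximum allows, or where protect mode is selected. The sample configuration and the function names parse_interfaces and audit are constructed for illustration.

```python
import re

# Constructed excerpt (not from a real device); Fa0/3 lacks the enabling line.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address 00E0.B085.4951
interface FastEthernet0/3
 switchport port-security maximum 1
 switchport port-security mac-address 1111.1111.1111
interface FastEthernet0/4
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation protect
"""

PS = "switchport port-security"
MAC = r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}"

def parse_interfaces(config):
    """Map each interface name to the list of its indented sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
        else:
            current = None  # any other top-level line ends the stanza
    return blocks

def audit(config):
    """Return {interface: [findings]} for ports that carry port-security lines."""
    report = {}
    for name, cmds in parse_interfaces(config).items():
        ps = [c for c in cmds if c.startswith(PS)]
        if not ps:
            continue
        findings = []
        if PS not in ps:  # sub-commands alone do not switch the feature on
            findings.append("not enabled: bare 'switchport port-security' is missing")
        # IOS default maximum is 1 when no "maximum" line is present
        limit = next((int(m.group(1)) for c in ps if (m := re.search(r"maximum (\d+)", c))), 1)
        if sum(bool(re.search(rf"mac-address (sticky )?{MAC}$", c)) for c in ps) > limit:
            findings.append(f"more secure addresses configured than maximum {limit}")
        if f"{PS} violation protect" in ps:
            findings.append("protect mode: violating frames are dropped without a log entry")
        report[name] = findings
    return report
```

Calling audit(SAMPLE_CONFIG) returns an empty finding list for FastEthernet0/1, a "not enabled" finding for FastEthernet0/3 and a "protect mode" finding for FastEthernet0/4.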

After completing this Port Security configuration, connect the PCs one by one. You will see that the Port Security configuration on the switch blocks the unwanted devices and limits the number of MAC addresses to the configured maximum.

You can also check the output of the Port Security verification commands below.

Switch#show port-security 
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
               (Count)       (Count)        (Count)
--------------------------------------------------------------------
        Fa0/1        2          2                 1         Shutdown
        Fa0/2        2          2                 1         Restrict
        Fa0/3        1          1                 1         Shutdown
        Fa0/4        1          1                 1          Protect
----------------------------------------------------------------------

Switch#show port-security address 
			Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan	Mac Address		  Type				Ports		Remaining Age
											(mins)
----	-----------		  ----				-----		-------------
1	0003.E445.1485	SecureConfigured	FastEthernet0/1		-
1	00E0.B085.4951	SecureConfigured	FastEthernet0/1		-
1   0090.21B9.4D6D    SecureSticky      FastEthernet0/2	    -
1   0009.7C63.A238    SecureSticky      FastEthernet0/2	    -
1	1111.1111.1111	SecureConfigured	FastEthernet0/3		-
1   0009.7C63.A238    SecureSticky      FastEthernet0/4	    -
------------------------------------------------------------------------------

Switch#show port-security interface fastEthernet 0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 2
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 1

Switch#show port-security interface fastEthernet 0/2
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 1

Switch#show port-security interface fastEthernet 0/3
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 1

Switch#show port-security interface fastEthernet 0/4
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Protect
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 1

In this example, we have done the Port Security configuration for our basic topology on Packet Tracer. After the configuration, we checked it with the Port Security verification commands.

About the Author
Gokhan Kosem is a telecommunication and network engineer. His ambition for IP networks and end-to-end system installation made him prepare this website. By sharing his experience with various networking protocols, different system installations, and Cisco, Juniper and Alcatel-Lucent device configurations, he aims to be helpful to his colleagues all over the world. He currently lives in Istanbul, Turkey.

One comment for “Switch Port Security – Part 2 (Packet Tracer Port Security Configuration Example)”

Arvind Pandey

Hello,

Thanks for sharing it.

It will be helpful to us.

Regards.
Arvind pandey

December 9th, 2016 at 08:12
