Port Security1
Lab Objective:
Learn how to configure port security on a switch.
Lab Purpose:
Port security is a feature used on most networks. At the access switch level
it can restrict which hosts may use a port, or how many devices may use it.
In this lab we will prevent somebody from plugging a hub into their network
port and adding more devices, by permitting only one host to use the port
at a time.
Lab Tool:
Packet Tracer
Lab Topology:
Please use the following topology to complete this lab exercise:
Lab Walkthrough:
Task 1:
Connect a hub to a switch and then two PCs to the hub. It won’t matter
which ports you use, but connect to F0/1 on the switch from the hub using a
crossover cable.
Task 2:
Configure port security on the switch. Permit only one host to use the port.
By default, the switch shuts the port down when a violation occurs. You need
to set the port to access mode before applying security settings; the first
attempt below is rejected because the port is still dynamic. Also, check the
port security settings.
Switch(config)#int f0/1
Switch(config-if)#switchport port-security
Command rejected: FastEthernet0/1 is a dynamic port.
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security max 1
Switch(config-if)#end
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Task 3:
Add the IP addresses to both hosts. The hosts may well send frames as soon as
you add the IP addresses, for keepalives. Adding the second IP address should
trigger the port to shut down. If this doesn’t happen, you can ping from .1
to .2. Here is the config for PC0:
Task 4:
Check the port security status for F0/1. It should have been shut down when
it saw a second device trying to send frames through it. You can also check
the MAC address seen on the port with the offending PC. Yours will differ
from mine of course.
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 000A.41E6.B12D:1
Security Violation Count : 1
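Added example (not part of the original lab): a short Python script that parses the show port-security int f0/1 output from Tasks 2 and 4 and reports whether the port has tripped and which MAC address and VLAN were seen last. The function names and the abbreviated sample text are assumptions made for the illustration.

```python
import re

# Constructed samples: the Task 2 and Task 4 outputs from this lab, abbreviated.
BEFORE = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Maximum MAC Addresses : 1
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
"""
AFTER = """\
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Maximum MAC Addresses : 1
Last Source Address:Vlan : 000A.41E6.B12D:1
Security Violation Count : 1
"""

# "Last Source Address:Vlan" has a colon inside the field name, so the
# separator is the first colon that has whitespace in front of it.
FIELD = re.compile(r"^\s*(.+?)\s+:\s*(.*?)\s*$")

def parse_port_security(text):
    """Turn the 'Field : value' lines into a dict; other lines are skipped."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def check_port(text):
    """Report whether the port tripped and which MAC/VLAN was seen last."""
    f = parse_port_security(text)
    mac, _, vlan = f.get("Last Source Address:Vlan", "").rpartition(":")
    count = f.get("Security Violation Count", "")
    return {
        "shutdown": f.get("Port Status") == "Secure-shutdown",
        "violations": int(count) if count.isdigit() else 0,
        # An all-zero address means no frame has been recorded yet.
        "last_mac": mac.lower() if mac.strip("0.") else None,
        "vlan": int(vlan) if vlan.isdigit() else None,
    }

if __name__ == "__main__":
    for name, sample in (("Task 2", BEFORE), ("Task 4", AFTER)):
        print(name, check_port(sample))
```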
Task 5:
Issue a ‘show port-security’ command to check the general settings for the port
security on the switch.