Learn Port-security In 15 Minutes

Post by Imran on Sat Sep 25, 2010 4:49 pm

A switch learns MAC addresses on its ports. If a PC or any other device is connected to a switchport, the MAC address of the PC's network card is saved by the switch in its MAC table. If another device is connected to the same port, its MAC is learned too, and the MAC of the first device stays in the MAC table until an aging time expires.

If we want only ONE MAC address to be allowed on a particular switchport, we can use a feature called "Port-Security".
With port-security, we can bind the MAC of a specific PC to that switchport, or a defined number of MAC addresses which will be allowed to use that switchport. So, if another PC whose MAC is not bound to that switchport connects to that port, the port can go secure-down and the "foreign" PC cannot communicate with the LAN. With port-security, we can also prevent the use of hubs or other switches on a switchport, which can be very useful to stop users from experimenting with unauthorized extensions of their access ports to the LAN.

To enable port security, use the following commands:

switch(config)#interface fa0/1
switch(config-if)#switchport port-security

Now we can configure WHICH MAC will be bound to that switchport (IOS expects the address in dotted-hex form):

switch(config-if)#switchport port-security mac-address 00e3.c2e1.eeaf

We can configure the maximum number of MACs allowed on that port:

switch(config-if)#switchport port-security maximum 5

We can configure what should happen if a violation of the port-security rule occurs:

switch(config-if)#switchport port-security violation [ protect | restrict | shutdown ]

When configuring port security violation modes, note the following information:

Protect: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

Restrict: Drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value and causes the SecurityViolation counter to increment.

Shutdown: Puts the interface into the error-disabled state immediately and sends an SNMP trap notification.


Configure the secure MAC address aging time on the port.
There are two aging modes - absolute and inactivity. Default is absolute.

switch(config-if)#switchport port-security aging time 10


The aging time range is 1 to 1440 minutes (default is 0).

Imran
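The three violation modes described in the post, as an added example that is not part of the original post: a simplified Python model of one secure port, replaying the same constructed frames under each mode. The class and function names and the sample MAC addresses are assumptions made for illustration, and the model leaves out aging and SNMP/syslog output.

```python
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    """Simplified model of one switchport with port-security enabled."""
    maximum: int = 1                 # switchport port-security maximum N
    violation: str = "shutdown"      # protect | restrict | shutdown
    secure_macs: set = field(default_factory=set)  # static + learned MACs
    violation_count: int = 0         # the SecurityViolation counter
    err_disabled: bool = False

    def receive(self, src_mac: str) -> str:
        """Return what happens to a frame arriving with this source MAC."""
        if self.err_disabled:
            return "dropped (port err-disabled)"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)       # room left: learn it
            return "forwarded (learned)"
        # Unknown source MAC and the secure table is full: a violation.
        if self.violation == "protect":
            return "dropped"                     # silent, counter untouched
        self.violation_count += 1
        if self.violation == "restrict":
            return "dropped (counted)"
        self.err_disabled = True                 # shutdown mode
        return "dropped (port err-disabled)"


def replay(mode: str, frames: list) -> tuple:
    """Run constructed frames through a port that allows 2 MACs."""
    port = SecurePort(maximum=2, violation=mode,
                      secure_macs={"00e3.c2e1.eeaf"})  # statically bound MAC
    results = [port.receive(mac) for mac in frames]
    return results, port.violation_count, port.err_disabled


# Constructed traffic: the bound PC, a second PC, a third (violating)
# device, then the bound PC again.
FRAMES = ["00e3.c2e1.eeaf", "0011.2233.4455", "dead.beef.0001",
          "00e3.c2e1.eeaf"]

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode, FRAMES))
```

In shutdown mode the last frame from the legitimate PC is also dropped, because the whole port is error-disabled until it is brought back up.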