
Configuring port security on a switch helps control access to the network by allowing only authorized devices to connect to specific switch ports. Port security can restrict access based on MAC addresses, limit the number of MAC addresses allowed per port, and take actions such as shutting down the port or sending alerts when a security violation occurs. Here's a step-by-step guide to configuring port security on a Cisco switch:

1. Access the Switch's CLI:

  1. Connect to the switch's CLI using a terminal emulator or console cable.

2. Enter Privileged EXEC Mode:

  1. Enter privileged EXEC mode by typing `enable` and providing the enable password if configured.

3. Enter Global Configuration Mode:

  1. Enter global configuration mode by typing `configure terminal`.

4. Select the Interface:

  1. Select the interface to which you want to apply port security. For example, interface FastEthernet0/1:

```
switch(config)# interface fastethernet 0/1
```

5. Enable Port Security:

  1. Enable port security on the interface:

```
switch(config-if)# switchport port-security
```

6. Configure Port Security Parameters:

  1. Configure port security parameters such as maximum MAC addresses allowed, violation actions, and aging time:

```
switch(config-if)# switchport port-security maximum <max-mac-addresses>
switch(config-if)# switchport port-security violation {shutdown | restrict | protect}
switch(config-if)# switchport port-security aging time <minutes>
```

7. (Optional) Specify Allowed MAC Addresses:

  1. Optionally, you can specify allowed MAC addresses for the port:

```
switch(config-if)# switchport port-security mac-address <mac-address>
```

8. (Optional) Enable Sticky MAC Addresses:

  1. Optionally, you can enable sticky MAC addresses to dynamically learn and secure MAC addresses on the port:

```
switch(config-if)# switchport port-security mac-address sticky
```

9. Verify Configuration:

  1. Verify the port security configuration using the `show port-security` command:

```
switch# show port-security interface fastethernet 0/1
```

10. Save Configuration:

  1. Save the configuration to the startup-config file:

```
switch# copy running-config startup-config
```

Once configured, port security will enforce the specified security policies on the configured switch port(s), allowing only authorized devices to connect and limiting the number of MAC addresses that can access the network through those ports. You can adjust the port security parameters and actions based on your specific security requirements.

products/ict/communications/courses/cisco/ccna/configuring_port_security.txt · Last modified: 2024/03/31 23:08 by wikiadmin