Port Security
Introduction
Suppose your IT head asks you to allow only a known list of users to connect to a switch in your IT department, so that users from another department cannot come and connect their devices to your switch. This is the problem that port security solves. With port security, an inappropriate device cannot connect to your switch, which makes the switch more secure. Devices are identified by their MAC address, because the switch understands only the MAC address, not the device's IP address.
Features of Port Security
The features of port security are as follows:
- The switch keeps a list of the source MAC addresses of all incoming frames.
- The switch lets you define the maximum number of MAC addresses that should have access through that port.
- If the number of MAC addresses reaches the configured maximum limit, the switch detects a port security violation.
- There is a command called sticky MAC address, which lets port security learn the MAC addresses of the devices dynamically, so that you do not carry the burden of writing the address of every device by hand.
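The features above can be followed in a small model of one secure port. This is an added example, not code from this post or from any switch vendor; the names StickyPort, replay and FRAMES are hypothetical. It assumes that a violation is raised when a frame arrives from an address that is not on the list after the list is already full.

```python
# Added example: toy model of one switch port with sticky port security.
HEX = set("0123456789abcdef")


def normalize(mac):
    """Reduce aa:bb:.., AA-BB-.. or aabb.ccdd.eeff to 12 lowercase hex digits."""
    digits = "".join(c for c in mac.lower() if c in HEX)
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


class StickyPort:
    def __init__(self, maximum, configured=()):
        self.maximum = maximum
        # Addresses typed in by hand; everything else is learned ("sticky").
        self.secure = {normalize(m): "configured" for m in configured}
        if len(self.secure) > maximum:
            raise ValueError("more configured addresses than the maximum")
        self.violations = []  # source MACs refused after the list was full

    def receive(self, src_mac):
        """Classify one incoming frame by its source MAC address."""
        mac = normalize(src_mac)
        if mac in self.secure:
            return "forward"
        if len(self.secure) < self.maximum:
            self.secure[mac] = "sticky"  # learned, no manual entry needed
            return "forward"
        self.violations.append(mac)  # list is full and this MAC is not on it
        return "violation"


def replay(port, frames):
    """Feed source MACs to the port in order and collect the verdicts."""
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic: two desk PCs, a repeat, then an unknown laptop.
FRAMES = ["00:11:22:33:44:55", "00-11-22-33-44-66",
          "0011.2233.4455", "DE:AD:BE:EF:00:01"]

if __name__ == "__main__":
    port = StickyPort(maximum=2)
    for mac, verdict in zip(FRAMES, replay(port, FRAMES)):
        print(f"{mac:<18} {verdict}")
    print("secure list:", port.secure)
```

The third frame is forwarded because it repeats the first address in a different notation; comparing MAC addresses as raw strings would have counted it as a third device.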
An important note to keep in mind: whenever you put port security on a port of a switch, the switch will no longer treat any MAC address as a dynamic entry. To see the MAC address entries in a switch you normally use the command "show mac address", but this command will not work on ports that use port security. Two commands let you see the MAC addresses of secure ports:
- show mac address-table secure: This command shows the MAC address list of those ports that use port security.
- show mac address-table static: This command shows the MAC address list of those ports that are statically assigned by the host.
In the next post we will learn the configuration of port security and also the show commands that have been listed above.