Port Security Configuration
Take a switch and connect three PCs and one switch to the switch's ports Fa 0/1 - Fa 0/4 as shown below.
switch(config)# interface fastEthernet 0/1
switch(config-if)# switchport mode trunk
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
On fa 0/1, we have set the maximum number of devices that can be connected to this port. If the number of devices goes past this limit, the port will be disabled, as shown below.
Now on interface fa 0/2, we will perform the following configuration
switch(config)# interface fastEthernet 0/2
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security maximum 1
switch(config-if)# switchport port-security violation shutdown
On fa 0/2, we have assigned a violation rule, which is shutdown. Whenever port security is breached, the violation action is carried out. There are three types of violation action:
- Protect
- Restrict
- Shutdown
switch(config)# interface fastEthernet 0/3
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address 0001.420C.83EA
On fa0/3, you can see that we have assigned a static MAC address, but the port detected another MAC address, which is a clear violation, and the port has been shut down as shown below.
Now on interface fa 0/4, we will perform the following configuration
switch(config)# interface fastEthernet 0/4
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security
switch(config-if)# switchport port-security mac-address sticky
On fa0/4, we have configured the sticky command, which will dynamically take the MAC address from the first device that gets connected to that port.
Remember that to re-enable a port that has been disabled, you need to manually disable the port with the "shutdown" command and then enable it with the "no shutdown" command.
To see the port-security status of any interface, the command is "show port-security interface". The status of fa 0/1 has been shown below.
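To check many ports at once, the output of "show port-security interface" can be parsed and audited. The script below is an added example, not part of the original post; the sample output is constructed for illustration, and the function names parse_port_security and audit are this example's own.

```python
import re

# Constructed sample laid out like "show port-security interface" output.
# The values are made up for this example, not captured from the lab above.
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 00D0.BA12.34CD:1
Security Violation Count   : 1
"""

# Field name, then " : ", then value. The lazy name match stops at the first
# colon that follows whitespace, so "Last Source Address:Vlan" stays whole.
FIELD = re.compile(r"^(.+?)\s+:\s*(.*)$")


def parse_port_security(text):
    """Return the 'Name : value' lines as a dict keyed by field name."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields


def audit(fields):
    """Return the findings an operator should act on for one port."""
    if fields.get("Port Security") != "Enabled":
        return ["port security is not enabled"]
    findings = []
    if fields.get("Port Status") == "Secure-shutdown":
        src = fields.get("Last Source Address:Vlan", "unknown")
        findings.append(f"shut down by a violation, last source {src}; "
                        "recover with shutdown then no shutdown")
    if int(fields.get("Security Violation Count", "0")) > 0:
        findings.append("violation counter is non-zero")
    if int(fields.get("Maximum MAC Addresses", "1")) > 1:
        findings.append("more than one MAC address is allowed")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print(finding)
```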