CCNA Extra Lesson 02: Concept of Switch Port Security in Cisco

-

Port Security in Cisco Switch

Port Security in a Cisco switch is a feature that helps protect the network by restricting input to an interface and limiting and identifying the MAC addresses of the stations allowed to access the port.
It’s widely used in enterprise and ISP networks to prevent unauthorized devices from connecting to the network.

Ethernet Port Security Use -

  • Preventing unauthorized access — stops users from plugging in personal laptops or switches.
  • Limit MAC flooding attacks — protects the MAC address table from being overfilled.
  • Enforce endpoint control — only pre-approved devices can connect.

   When port security is enabled:

  • The switch port learns or is configured with allowed MAC addresses
  • Any device with an unrecognized MAC address trying to send traffic is blocked or triggers an action.
  • You can set how many devices are allowed per port (default: 1).

    Port Security Terms

  • Static Secure MAC Address -- Manually configured MAC address allowed on the port.
  • Dynamic Secure MAC Address -- Learned dynamically, lost after reboot.
  • Sticky Secure MAC Address -- Learned dynamically but saved in the running config (can be made permanent).
  • Violation Modes -- What the switch will do if an unknown MAC address is detected.

     Violation Mode

  • Protect -- Discards packets with unknown MAC; no log message.
  • Restrict -- Discards packets with unknown MAC and sends log/SNMP trap.
  • Shutdown (default) -- Disables the port (err-disabled state) until manually or automatically reset.

How to Configure the Ether Port Security


SW1(config)#interface fastEthernet0/2
SW1(config-if)#switchport mode access
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security mac-address sticky
SW1(config-if)#switchport port-security maximum 1
SW1(config-if)#switchport port-security violation Shutdown

SW1#show port-security interface fastEthernet0/2
SW1#show port-security address
SW1#show interfaces fa0/2

N:B: By Changing PC one switchport to another, the reflection of configuration will be rectifying simultaneously. 


Popular posts from this blog

RHCSA-EX200: Vendor Exam Problem Solving

-
Image
Vendor Exam Module List following this link:  https://www.redhat.com/en/services/training/ex200-red-hat-certified-system-administrator-rhcsa-exam?section=objectives   Question-01: Manage basic networking  Configure network and set the static parameters. Consider a machine configured as DHCP, and need to configure it with static parameters. IP-ADDRESS= 172.25.250.10 | 192.168.213.10/24 NETMASK= 255.255.255.0 GATEWAY= 172.25.250.254 | 192.168.213.1 Nameserver= 172.24.254.254 | 192.168.213.1 Hostname= servera.lab.example.com Solution Step-01: Changed the hostname of Linux Machine.  #hostnamectl set-hostname servera.lab.example.com #hostname or hostnamectl #cat /etc/hostname Step-02: Changed/Create/Modify Network Adapter following information #nmcli connection show #nmcli device status #nmcli connection modify <profile_name> ipv4.addresses 172.25.250.10/24 ipv4.gateway 172.24.250.254 ipv4.dns 172.24.254.254 ipv4.method manual connection.autoconnect yes #systemctl r...
Read more

CCNA Class 11: Distance vector Routing Protocol (RIPv1 & RIPv2) Configuration

-
Image
DISTANCE VECTOR ROUTING PROTOCOL RIP is known as Distance Vector Routing Protocol. Here Distance means number of hop counts which is calculated by Router to reach traffic source to destination and Vector means direction. In a word, RIP - to choose the least path by calculating metric value from the entire network direction while travelling traffic from source to destination. Here the scenario, when the traffic travels from R1 to destination subnet X via the upper path (R1=>R2....R8=>Subnet-X) of Network, It takes the Metric 4 value. Or, the metric will be 3 while traveling R1 to Destination Subnet X via the middle path (R1=> R5...R8=>Subnet-X) of the network and Vice versa. How to RIP Work - RIP is a distance vector protocol that exchanges routing information between routers periodically. Each router maintains a routing table that contains the next hop and the hop count for each destination network. Every 30 seconds, the router sends its entire routing table to its dir...
Read more

CCNA Class 10: Introduction of Routed & Routing Protocols and Configuration

-
Image
Introduction of Routing Protocols Routing Fundamental Routing is the process of forwarding data packets from their source to their destination across interconnected networks. It is a critical function in both small-local area networks (LANs) and large-scale wide-area networks (WANs), including the Internet. There are two types of data packets - Routed Protocols and Routing Protocols.   Fig: Basic Routing Key Concepts in Routing Router: A router is a networking device responsible for forwarding data packets between networks based on their IP addresses. It operates at the network layer (Layer 3) of the OSI model. Routing Table: A database stored in a router that contains information about network destinations and how to reach them. Consists of: Destination network Next hop: The next router or device to which the packet should be sent. Metric: A value indicating the "Cost" of reaching a destination (hop count, bandwidth, latency, reliability, load). Interface: The router i...
Read more