Basic security measures
Close unused ports with the shutdown command
Prevent the port from trunking with the switchport mode access command
Place the port in an unused VLAN (dummy VLAN)
To implement port security, the port has to be an access port
(switchport mode access)
switchport port-security maximum 1
switchport port-security violation
There are 3 options for the violation mode:
protect
restrict
shutdown
The default mode is shutdown: it shuts the port down, transmits a message to the
log indicating the action taken and drops the violating frames. The interface
status will be err-disabled (error-disabled); it must be manually reopened.
restrict drops the violating frames and transmits a message to the log indicating
the issue, but does not shut down the port.
protect simply drops the violating frames.
To configure the port to shut down if a frame is received with any source MAC
address other than bb-bb-bb-bb-bb-bb (written bbbb.bbbb.bbbb in IOS), we would use the following config:
int fa 0/1
switchport mode access
! enable port security itself; the sub-commands alone do not turn it on
switchport port-security
switchport port-security mac-address bbbb.bbbb.bbbb
Or you can use the command
switchport port-security mac-address sticky
(the first MAC address learned on the port becomes the secure address)
See the result with
show port-security int fa 0/1
In case of violation the LED on the port will be dark.
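As an added example (not part of the original post), this Python script audits a saved running-config against the checklist above: closed unused ports, forced access mode, port security actually enabled, and a violation mode that leaves a log entry. The sample config, function names and finding texts are constructed for illustration; the script assumes default values (maximum 1, violation shutdown) are not printed in the running-config.

```python
import re

# Constructed running-config sample (not taken from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security violation protect
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
 switchport mode dynamic desirable
!
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = interfaces.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_port(cmds):
    """Return the findings for one port (hypothetical helper)."""
    if "shutdown" in cmds:
        return []  # closed unused port: nothing else to check
    findings = []
    if "switchport mode access" not in cmds:
        findings.append("not forced to access mode (may trunk)")
    if "switchport port-security" not in cmds:  # the bare command enables the feature
        findings.append("port security not enabled")
    modes = [c.split()[-1] for c in cmds if c.startswith("switchport port-security violation ")]
    if "protect" in modes:
        findings.append("violation mode protect drops frames without logging")
    return findings

def audit(config):
    return {name: audit_port(cmds) for name, cmds in parse_interfaces(config).items()}
```

FastEthernet0/2 in the sample shows the common mistake: a violation mode is set, but without the bare switchport port-security line the feature is not active on that port.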