
Securing Switch Access

Port Security

A. Shutdown unused ports

config t
interface range f0/11 - 15
shutdown
description unused port, shut down
end

SW# show ip interface brief
SW# show run

B. MAC binding

config t
interface f0/11
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address sticky
switchport port-security violation shutdown
end

Violation actions:
1. protect (frames from unknown MAC addresses are silently dropped)
2. restrict (frames are dropped and the violation counter and log/trap are raised)
3. shutdown (the port is placed in err-disabled state; this is the default)

Recovery of a port from err-disable state

1. Manual recovery
config t
interface f0/11
shutdown
no shutdown
end

2. Auto-recovery
config t
errdisable recovery cause psecure-violation
errdisable recovery interval 100
end

Verification
SW# show run
SW# show mac address-table
SW# show port-security
SW# show port-security interface f0/11
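The verification commands above only show state; deciding which ports actually need the recovery procedure is left to the operator. The following added example (not from the original notes) parses the summary table of `show port-security` and reports ports whose violation counter is non-zero, separating those that are err-disabled (action shutdown) from those that merely dropped frames (restrict/protect). The sample output is constructed to mirror the IOS table layout; the parser splits on whitespace rather than fixed column offsets because widths vary between platforms.

```python
"""Flag port-security violations from `show port-security` output (added example)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `show port-security` summary output (not captured from a real switch).
SAMPLE_OUTPUT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/11              1            1                  0         Shutdown
      Fa0/12              1            1                  3         Shutdown
      Fa0/13              2            2                  1         Restrict
      Fa0/14              1            0                  0          Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 2
Max Addresses limit in System (excluding one mac per port) : 8192
"""

# One data row: port name, three integer counters, then the violation action.
ROW_RE = re.compile(
    r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(Shutdown|Restrict|Protect)\s*$"
)


@dataclass
class SecurePort:
    name: str
    max_addr: int
    current_addr: int
    violations: int
    action: str


def parse_port_security(text: str) -> list[SecurePort]:
    """Return one SecurePort per data row; header, separator and total lines are skipped."""
    ports: list[SecurePort] = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            ports.append(SecurePort(m[1], int(m[2]), int(m[3]), int(m[4]), m[5]))
    return ports


def ports_needing_attention(ports: list[SecurePort]) -> list[tuple[str, str]]:
    """Return (port, reason) pairs for every port with a non-zero violation count.

    Action 'Shutdown' plus violations means the port is err-disabled and needs the
    manual shutdown / no shutdown cycle (or errdisable recovery) once the cause is known.
    Action 'Restrict' or 'Protect' keeps the port up, but an unexpected MAC was seen.
    """
    findings = []
    for p in ports:
        if p.violations == 0:
            continue
        if p.action == "Shutdown":
            reason = f"err-disabled after {p.violations} violation(s); recover after investigation"
        else:
            reason = f"{p.violations} violation(s) dropped ({p.action.lower()}); unexpected MAC seen"
        findings.append((p.name, reason))
    return findings


if __name__ == "__main__":
    for name, reason in ports_needing_attention(parse_port_security(SAMPLE_OUTPUT)):
        print(f"{name}: {reason}")
```

Feed it the real command output (for example via a script that runs `show port-security` over SSH) and review the flagged ports before issuing `shutdown` / `no shutdown`, so a recovery does not simply re-admit whatever device caused the violation.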

Storm Control

A switch floods the following frames when it receives them:

- Broadcast frames
- Multicast frames
- Unknown unicast frames

Storm Control is a feature used to set limits on flooded traffic before it can cause problems on your network.

config t
int range f0/1 - 10
storm-control {broadcast | multicast | unicast} level {level [level-low] | bps bps [bps-low] | pps pps [pps-low]}
storm-control action {shutdown | trap}
end

SW# show storm-control interface f0/1

Port-based Authentication

- Catalyst switches can support port-based authentication, a combination of AAA authentication and port security.
- This feature is based on the IEEE 802.1X standard.

conf t
hostname SW-X
vlan 2
name server
vlan 3
name sales
vlan 4
name marketing

int vlan 2
ip address 170.10.2.1 255.255.255.0
no shut
exit
int vlan 3
ip address 170.10.3.1 255.255.255.0
no shut
exit
int vlan 4
ip address 170.10.4.1 255.255.255.0
no shut
exit

ip routing
int f0/24
switchport mode access
switchport access vlan 2
exit

ip dhcp pool sales
network 170.10.3.0 255.255.255.0
default-router 170.10.3.1
exit
ip dhcp excluded-address 170.10.3.1

ip dhcp pool marketing
network 170.10.4.0 255.255.255.0
default-router 170.10.4.1
exit
ip dhcp excluded-address 170.10.4.1

aaa new-model
aaa authentication dot1x default group radius
aaa authorization network default group radius
radius-server host 170.10.2.100 key cisco123

dot1x system-auth-control (globally enables 802.1X on the switch)

int range f0/1 - 4
shutdown
switchport mode access
dot1x port-control auto (enables 802.1X authentication on the port)
dot1x reauthentication (enables periodic re-authentication of the client)
dot1x timeout reauth-period 60 (number of seconds between re-authentication attempts)
dot1x auth-fail max-attempts 2 (number of authentication attempts allowed before the port moves to the restricted VLAN)
dot1x host-mode multi-host
spanning-tree portfast
no shut
end
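The sections above describe four controls that every non-trunk port should end up with: unused ports shut down, access ports bound to a MAC (port-security) or gated by 802.1X, and storm control on ports that carry flooded traffic. The following added example (not from the original notes) audits a running configuration for those controls. It splits `show run` into per-interface blocks and reports ports that violate the notes' rules; the sample config is constructed and the rule set is an assumption derived from this page, so adapt it to local policy (for example, ports that legitimately use neither port-security nor 802.1X).

```python
"""Audit `show run` interface blocks for the controls described on this page (added example)."""
from __future__ import annotations

# Constructed sample running-config excerpt (not from a real switch).
SAMPLE_RUNNING_CONFIG = """\
!
interface FastEthernet0/1
 switchport mode access
 dot1x port-control auto
 storm-control broadcast level 10.00
 spanning-tree portfast
!
interface FastEthernet0/11
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 storm-control broadcast level 10.00
!
interface FastEthernet0/12
 switchport mode access
!
interface FastEthernet0/15
 description unused port, shut down
 shutdown
!
interface FastEthernet0/20
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""


def parse_interfaces(config: str) -> dict[str, list[str]]:
    """Map each interface name to its indented sub-commands.

    IOS indents interface sub-commands by one space; a '!' or any unindented
    global command ends the block.
    """
    blocks: dict[str, list[str]] = {}
    current: str | None = None
    for raw in config.splitlines():
        line = raw.rstrip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            blocks[current] = []
        elif current is not None and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None
    return blocks


def audit_interfaces(blocks: dict[str, list[str]]) -> dict[str, list[str]]:
    """Return {interface: [issues]} for ports that miss a control from the notes.

    Rules (assumed from the page, not a vendor baseline):
    - an interface with no configuration at all is unused and should be shut down;
    - an access port that is up needs port-security or 802.1X (dot1x port-control auto);
    - an access port that is up should have storm-control configured;
    - administratively shut ports and trunks are skipped.
    """
    findings: dict[str, list[str]] = {}
    for name, lines in blocks.items():
        if "shutdown" in lines:
            continue  # already shut down: nothing to audit
        issues: list[str] = []
        if not lines:
            issues.append("unused port is not shut down")
        elif "switchport mode access" in lines:
            has_psec = any(l.startswith("switchport port-security") for l in lines)
            has_dot1x = "dot1x port-control auto" in lines
            if not (has_psec or has_dot1x):
                issues.append("access port has neither port-security nor 802.1X")
            if not any(l.startswith("storm-control") for l in lines):
                issues.append("no storm-control on access port")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for iface, issues in audit_interfaces(parse_interfaces(SAMPLE_RUNNING_CONFIG)).items():
        for issue in issues:
            print(f"{iface}: {issue}")
```

Run it against the saved output of `show run` after the configuration work above; a clean result means every active access port has one of the two admission controls plus storm control, and every untouched port is shut down as in section A.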
