
STEP 7: COLLABORATIVE ACTIVITY _3

GROUP CODE 203092_5

CISCO ADVANCED DIPLOMA COURSE (DESIGN AND IMPLEMENTATION OF

INTEGRATED LAN/WAN SOLUTIONS)

CÉSAR AUGUSTO HERRERA DIOSSA

72296278

TUTOR:

HECTOR MANUEL HERRERA HERRERA

UNIVERSIDAD NACIONAL ABIERTA Y A DISTANCIA – UNAD

ESCUELA DE CIENCIAS BÁSICAS, TECNOLOGÍA E INGENIERÍA

JUNE 2021
2.2.4.9 Packet Tracer - Configuring Switch Port Security

Topology

Addressing Table

Device         Interface   IP Address     Subnet Mask
S1             VLAN 1      10.10.10.2     255.255.255.0
PC1            NIC         10.10.10.10    255.255.255.0
PC2            NIC         10.10.10.11    255.255.255.0
Rogue Laptop   NIC         10.10.10.12    255.255.255.0

Objective
Part 1: Configure Port Security
Part 2: Verify Port Security
Background
In this activity, you will configure and verify port security on a switch. Port security
allows you to restrict a port’s ingress traffic by limiting the MAC addresses that are
allowed to send traffic into the port.

Part 1: Configure Port Security


a. Access the command line for S1 and enable port security on Fast Ethernet
ports 0/1 and 0/2.
S1(config)# interface range fa0/1 - 2
S1(config-if-range)# switchport port-security

b. Set the maximum so that only one device can access the Fast Ethernet ports
0/1 and 0/2.
S1(config-if-range)# switchport port-security maximum 1
c. Secure the ports so that the MAC address of a device is dynamically learned
and added to the running configuration.
S1(config-if-range)# switchport port-security mac-address sticky
d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled
when a violation occurs, but packets are dropped from an unknown source.
S1(config-if-range)# switchport port-security violation restrict
e. Disable all the remaining unused ports. Hint: Use the range keyword to apply
this configuration to all the ports simultaneously.
S1(config-if-range)# interface range fa0/3 - 24 , gi0/1 - 2
S1(config-if-range)# shutdown
Part 2: Verify Port Security
a. From PC1, ping PC2.
b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were
added to the running configuration.

c. Attach Rogue Laptop to any unused switch port and notice that the link lights are
red.
d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After
verification, shut down the port connected to Rogue Laptop.

e. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue
Laptop is unable to ping PC1.
f. Display the port security violations for the port Rogue Laptop is connected to.
S1# show port-security interface fa0/2

g. Disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC1.

h. Why is PC2 able to ping PC1, but the Rogue Laptop is not? Port security was
enabled only so that port access is allowed for the device; only the MAC address
seen initially is permitted, to prevent access by other devices.
Current configuration: 1675 bytes
!
Version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security violation restrict
switchport port-security mac-address sticky 00E0.B027.2245
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security violation restrict
switchport port-security mac-address sticky 0001.647C.697E
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.10.10.2 255.255.255.0
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
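
The Python sketch below is an added example, not part of the original lab or report: it audits a running configuration like the one above against the Part 1 requirements and reports physical ports that are up without them. The function names and finding strings are assumptions, and the sample configuration is constructed from the output shown on this page.

```python
import re

# Constructed sample shaped like the S1 running configuration on this page.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 switchport port-security mac-address sticky 00E0.B027.2245
!
interface FastEthernet0/3
 shutdown
!
interface GigabitEthernet0/1
!
interface Vlan1
"""

REQUIRED = {  # command from Part 1 -> finding reported when it is absent
    "switchport port-security mac-address sticky": "sticky learning off",
    "switchport port-security violation restrict": "violation mode is not restrict",
}

def parse_interfaces(config):
    """Map each 'interface X' stanza to the commands listed under it."""
    stanzas, current = {}, None
    for line in (raw.strip() for raw in config.splitlines()):
        m = re.match(r"interface (\S+)$", line)
        if m:
            current = stanzas.setdefault(m.group(1), [])
        elif line in ("", "!"):
            current = None  # '!' closes the stanza
        elif current is not None:
            current.append(line)
    return stanzas

def audit(config):
    """Return {port: [findings]} for physical ports missing the lab's settings."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if not name.startswith(("FastEthernet", "GigabitEthernet")) or "shutdown" in cmds:
            continue  # skip SVIs and ports that are administratively down
        issues = [msg for cmd, msg in REQUIRED.items() if cmd not in cmds]
        issues += [f"maximum {n} allows more than one device" for c in cmds
                   for n in re.findall(r"^switchport port-security maximum (\d+)$", c) if int(n) > 1]
        if "switchport port-security" not in cmds:
            issues = ["enabled without port security"]
        if issues:
            findings[name] = issues
    return findings
```

`maximum 1` is the IOS default and is not displayed in the running configuration, so only values above 1 are reported. Calling `audit(SAMPLE_CONFIG)` flags GigabitEthernet0/1, the same gap the session below closes by shutting down the Gigabit ports.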

S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#int f0/3
S1(config-if)#no shut
S1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
S1(config-if)#exit
S1(config)#exit
S1#
%SYS-5-CONFIG_I: Configured from console by console
S1#show port-security int f0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0002.4A42.C51C:1
Security Violation Count : 4
S1#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#int f0/3
S1(config-if)#shut
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
S1(config-if)#int range g0/1 - 2
S1(config-if-range)#shut
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
