Professional Documents
Culture Documents
2.2.4.9 Configuring Switch Port Security - César
2.2.4.9 Configuring Switch Port Security - César
72296278
TUTOR:
JUNIO DE 2021
2.2.4.9 Packet Tracer - Configuring Switch Port Security
Topology
Addressing Table
Objective
Part 1: Configure Port Security
Part 2: Verify Port Security
Background
In this activity, you will configure and verify port security on a switch. Port security
allows you to restrict a port’s ingress traffic by limiting the MAC addresses that are
allowed to send traffic into the port.
b. Set the maximum so that only one device can access the Fast Ethernet ports
0/1 and 0/2.
S1(config-if-range)# switchport port-security maximum 1
c. Secure the ports so that the MAC address of a device is dynamically learned
and added to the running configuration.
S1(config-if-range)# switchport port-security mac-address sticky
d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled
when a violation occurs, but packets are dropped from an unknown source.
S1(config-if-range)# switchport port-security violation restrict
e. Disable all the remaining unused ports. Hint: Use the range keyword to apply
this configuration to all the ports simultaneously.
S1(config-if-range)# interface range fa0/3 - 24 , gi1/1 - 2
S1(config-if-range)# shutdown
Part 2: Verify Port Security
a. From PC1, ping PC2.
b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were
added to the running configuration.
c. Attach Rogue Laptop to any unused switch port and notice that the link lights are
red.
d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After
verification, shut down the port connected to Rogue Laptop.
e. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue
Laptop is unable to ping PC1
f. Display the port security violations for the port Rogue Laptop is connected to.
S1# show port-security interface fa0/2
g. Disconnect Rouge Laptop and reconnect PC2. Verify PC2 can ping PC1.
h. Why is PC2 able to ping PC1, but the Rouge Laptop is not? La seguridad del
Puerto solo fue habilitada para que se permita el acceso de Puerto del dispositivo, solo
se permite la MAC que visualice inicialmente para prevenir el acceso de otros
dispositivos.
Current configuration: 1675 bytes
!
Version 12.2
no service timestamps log datetime msec
no service timestamps debug datetime msec
no service password-encryption
!
hostname S1
!
!
!
spanning-tree mode pvst
!
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security violation restrict
switchport port-security mac-address sticky 00E0.B027.2245
!
interface FastEthernet0/2
switchport mode access
switchport port-security
switchport port-security mac-address sticky
switchport port-security violation restrict
switchport port-security mac-address sticky 0001.647C.697E
!
interface FastEthernet0/3
shutdown
!
interface FastEthernet0/4
shutdown
!
interface FastEthernet0/5
shutdown
!
interface FastEthernet0/6
shutdown
!
interface FastEthernet0/7
shutdown
!
interface FastEthernet0/8
shutdown
!
interface FastEthernet0/9
shutdown
!
interface FastEthernet0/10
shutdown
!
interface FastEthernet0/11
shutdown
!
interface FastEthernet0/12
shutdown
!
interface FastEthernet0/13
shutdown
!
interface FastEthernet0/14
shutdown
!
interface FastEthernet0/15
shutdown
!
interface FastEthernet0/16
shutdown
!
interface FastEthernet0/17
shutdown
!
interface FastEthernet0/18
shutdown
!
interface FastEthernet0/19
shutdown
!
interface FastEthernet0/20
shutdown
!
interface FastEthernet0/21
shutdown
!
interface FastEthernet0/22
shutdown
!
interface FastEthernet0/23
shutdown
!
interface FastEthernet0/24
shutdown
!
interface GigabitEthernet0/1
!
interface GigabitEthernet0/2
!
interface Vlan1
ip address 10.10.10.2 255.255.255.0
!
!
line con 0
!
line vty 0 4
login
line vty 5 15
login
!
!
end
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#int f0/3
S1(config-if)#no shut
S1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state
to up
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state
to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state
to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state
to up
S1(config-if)#exit
S1(config)#exit
S1#
%SYS-5-CONFIG_I: Configured from console by console
S1#show port-security int f0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Restrict
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0002.4A42.C51C:1
Security Violation Count : 4
S1#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state
to down
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state
to up
S1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
S1(config)#int f0/3
S1(config-if)#shut
%LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively
down
S1(config-if)#int range g0/1 - 2
S1(config-if-range)#shut
%LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively
down
%LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively
down