Packet Tracer lab 4 : Port security © Lest Updates Woda, 21 August 2019 20:27 © Pblses: Testy, 07 Seperber 20101925. 7 wen by Pre aceenee Introduction ‘A arowing eae for network admnistatrs tobe abet conte who f allowed and who itt aces the rgariations intra network This access conils mandatory fre inrastructure pretetion n your network Tt ‘not on publ pas of he network where guest uses shoul beable to canner ort scurty i featur implemented in Osco Catal swiches which helps network engines in implementing network secuty on network boundaries. Ins mst bas form the Port Securty feature remembers the MAC adres ofthe devceconnered tthe switch edge port end slows ent tha MAC eres ob acne cn that pot any ater MAC ade detected onthe por, port security Feature shutdown the switch prt. “The sich canbe configured to send a SNMP trap to @netwrk mostoring slution to ar that pots disabled for sac reson Network diagram erat Lab instructions Tris lab wl ss your abit to canfie port sacunty on Csco™ 2960 st interac. 1. Congure port securty on iterace Fa 0/1 ofthe swech wt the folowing stings Port security enabled = Mode : est = Alone mae addresses 2 = Dyrarc mac adress learning 2 Conigure port secur on interface Fa O72 othe ste wits the following stings+ Mae: shutdown ~ Alone mac addresses : 3 = Dyna mac adress earring, 3. Contgure port scary on ntfae Fa 3 of the swecn wit he folowing setings Prt scunty enabled Mode protect Static mac seers ene + 00E0 ASCE 5296 4. From LAPTOP 1 “Try to png 192.1661.2 and 192.168.1.3, I shuld work “Try to png 192,166.14 an 192,168.15, 2 should work 5. Connect ROGUE pt othe hub Try to png 192168... t should work “Tr to ping 19216614 1 shoul fl Solution Interface FastEthernet 0/1 configuration - Restrict mode “Te port-securty restrict made drops packets wih unkrown source adresses ul yeu remove a suffcntramber of scare MAC adresses to cop Slow the maximum vale and caus the Sacult/Violtion counter to increment, Port sacurty with sticky MAC addresses provides ran of the sas Benes 2s port securty with sate MAC ‘adresses, Dut sticky MAC addresses an be leaned dynamically. Pot scuty wh sky MAC adores tans rarely learned MAC adresses deg ank-donncondn, re ortsecritymacatress they len te egue laptop i connects tote hu an nes to communicate wh 162,168.14 the number of mac- adresses leaned ont the fasttherne interface exceds 3. The ntetace drops rate wth the new mac address (et eared by Se snitch because 3 rac adresses have already been riser onthe fat Itracs) and inreases ‘he secur vib counter based on the esr port-ecurty coniguraten of he ineface. Scare hort Ranacienbir CorenderSeerStytolatonSecury Acton (count) (aunt) teu) Interface FastEthernet 0/2 configuration - Shutdown mode (default) The port-security shutdown rade puts te iterace nto the error disabled stat imrscatly an sens an SNMP ‘rap notiationInterface FastEthernet 0/3 configuration - Protect mode ‘Te portsecurty protect mode silently drops packets wt unknow igen numberof scare Mi ut youre adresses taérop below the maximum value, Mo counter Is incremented Publ by Packt Trace: Network