Professional Documents
Culture Documents
1
2950 CISCO SWITCH
2
2950 CISCO SWITCH
The Cisco Catalyst® 2950 Series is
a family of wire-speed Fast Ethernet
desktop switches that delivers the
next generation of performance and
functionality for the LAN with
10/100/1000BaseT uplinks, enhanced
IOS service, quality of service (QoS),
multicast management, high
availability and security features
using a simple, Web-based interface.
3
Introduction
Secured ports restrict a port to a user-defined
group of stations. When you assign secure
addresses to a secure port, the switch does not
forward any packets with source addresses outside
the defined group of addresses. If you define the
address table of a secure port to contain only one
address, the workstation or server attached to that
port is guaranteed the full bandwidth of the port.
As part of securing the port, you can also define
the size of the address table for the port.
4
IMPORTANT NOTE
5
Secured ports generate address-security
violations under these conditions
6
ADVANTAGES OF PORT
SECURITY
Dedicated bandwidth If the size of
the address table is set to 1, the
attached device is guaranteed the full
bandwidth of the port.
7
COMMANDS TO VALIDATE
PORT SECURITY
Interface :Port to secure.
8
COMMANDS TO VALIDATE
PORT SECURITY
Secure Addresses :Number of addresses in
the secure address table for this port. Secure
ports have at least one address.
9
Security Violation Mode
Shutdown- The interface is shut down
immediately following a security violation
Restrict- A security violation sends a trap to the
network management station.
Protect- When the port secure addresses reach the
allowed limit on the port, all packets with
unknown addresses are dropped.
**The default is shutdown
10
Defining the Maximum Secure
Address Count
A secure port can have from 1 to 132
associated secure addresses. Setting one
address in the MAC address table for the port
ensures that the attached device has the full
bandwidth of the port. If the secure-port
maximum addresses are set between 1 to
132 addresses and some of the secure
addresses have not been added by user, the
remaining addresses are dynamically learnt
and become secure addresses.
11
IMPORTANT NOTE
12
Enabling Port Security on The
Switch
13
TABLE OF COMMANDS
Command Purpose
14
TABLE OF COMMANDS
Step 5 switchport port-security Set the security violation mode for the interface.
violation {shutdown |
restrict | protect} The default is shutdown.
15
DISABLING PORT SECURITY
Step 1 configure terminal Enter global configuration
mode.
16
AVOID CONFIGURATION
CONFLICTS
Certain combinations of port features conflict with one
another. For example, if you define a port as the network
port for a VLAN, all unknown unicast and multicast traffic
is flooded to the port. You could not enable port security
on the network port because a secure port limits the
traffic allowed on it.
In the table of conflicting features, no means that the two
features are incompatible and that both should not be
enabled; yes means that both can be enabled at the
same time and will not cause an incompatibility conflict.
If you try to enable incompatible features by using CMS, it
issues a warning message that you are configuring a setting that
is incompatible with another setting, and the switch does not
save the change
17
TABLE OF CONFLICTING
FEATURES
Port Port SPAN SPAN Connect Protected 802.1X
Group Security Source Destination to Port Port
Port Port Cluster
802.1X No No Yes No - - -
Port
18