To learn more about this tutorial contact us info_ipmax@ipmax.it
or visit our site www.ipmax.it/support WWW.IPMAX.IT

Secure a Switch Port
CISCO Switch
1. Port security

In some environments, a network must be secured by controlling what stations can gain access to the network
itself. Where user workstations are stationary, their MAC addresses can always be expected to connect to the
same access-layer switch ports. If stations are mobile, their MAC addresses can be learned dynamically or
added to a list of addresses to expect on a switch port.

Catalyst switches offer the port security feature to control port access based on MAC addresses. To configure
port security on an access-layer switch port, begin by enabling it with the following interface-configuration
command:

Switch(config-if)#switchport port-security

Next, you must identify a set of allowed MAC addresses so that the port can grant them access. You can
explicitly configure addresses, or they can be learned dynamically from port traffic. On each interface that
uses port security, specify the maximum number of MAC addresses that will be allowed access using the
following interface-configuration command:

Switch(config-if)#switchport port-security maximum max-addr

By default, only one MAC address will be allowed access on each switch port. You can set the maximum
number of addresses in the range of 1 to 1,024.
2. Set maximum MAC address

Each interface using port security dynamically learns MAC addresses by default and expects those addresses
to appear on that interface in the future. These are called sticky MAC addresses. MAC addresses are learned
as hosts transmit frames on an interface. The interface learns up to the maximum number of addresses
allowed. Learned addresses can also be aged out of the table if those hosts are silent for a period of time.
By default, no aging occurs.

For example, to set the maximum number of MAC addresses that can be active on a switch port at any time to
two, you could use the following command:

Switch(config-if)#switchport port-security maximum 2

You can also statically define one or more MAC addresses on an interface. Any of these addresses is
allowed to access the network through the port. Use the following interface-configuration command to define
a static address:

Switch(config-if)#switchport port-security mac-address mac-addr

The MAC address is given in dotted-triplet format. If the number of static addresses configured is less than the
maximum number of addresses secured on a port, the remaining addresses are learned dynamically. Be sure
to set the maximum number appropriately.

You can use the following command to configure a static address entry on an interface:

Switch(config-if)#switchport port-security mac-address 0006.5b02.a841

3. Set reaction to violation

Finally, you must define how each interface using port security should react if a MAC address is in violation
by using the following interface-configuration command:

Switch(config-if)#switchport port-security violation {shutdown | restrict | protect}

A violation occurs if more than the maximum number of MAC addresses are learned or if an unknown (not
statically defined) MAC address attempts to transmit on the port. The switch port takes one of the following
configured actions when a violation is detected:
• Shutdown - The port is immediately put into the errdisable state, which effectively shuts it down. It must be
re-enabled manually or through errdisable recovery to be used again.
• Restrict - The port is allowed to stay up, but all packets from violating MAC addresses are dropped.
The switch keeps a running count of the number of violating packets and can send an SNMP trap and a
syslog message as an alert of the violation.
• Protect - The port is allowed to stay up, as in the restrict mode. Although packets from violating addresses
are dropped, no record of the violation is kept.
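To make the three violation actions concrete, here is an added Python model (not code from the slides or from Cisco) that replays the same constructed traffic through a port configured with maximum 2, one static address and each violation mode in turn, and reports what the switch would forward, drop, log and shut down. The port name, the MAC addresses and the traffic sequence are constructed, and the syslog strings follow the message formats quoted on this page.

```python
"""Model of the Cisco IOS port-security behaviour described above.

Added example, not part of the original slides or of any Cisco software: it
replays a sequence of source MAC addresses against a port configured with a
maximum, optional static addresses and a violation mode and reports what the
switch would do in each mode. All inputs are constructed for illustration.
"""
from dataclasses import dataclass, field

SHUTDOWN, RESTRICT, PROTECT = "shutdown", "restrict", "protect"


@dataclass
class SecurePort:
    name: str
    maximum: int = 1               # switchport port-security maximum <n> (default 1)
    violation: str = SHUTDOWN      # switchport port-security violation {shutdown|restrict|protect}
    static: set = field(default_factory=set)     # switchport port-security mac-address <mac>
    dynamic: list = field(default_factory=list)  # addresses learned from traffic
    status: str = "Secure-up"
    violation_count: int = 0
    last_source: str = ""
    syslog: list = field(default_factory=list)

    def __post_init__(self):
        self.static = {m.lower() for m in self.static}
        if self.violation not in (SHUTDOWN, RESTRICT, PROTECT):
            raise ValueError(f"unknown violation mode {self.violation!r}")
        if len(self.static) > self.maximum:
            # Cannot secure more static entries than the maximum allows;
            # the slide warns to set the maximum appropriately
            raise ValueError("static addresses exceed the configured maximum")

    def secured(self) -> set:
        """All addresses currently allowed on the port (static + learned)."""
        return self.static | set(self.dynamic)

    def frame(self, src: str) -> str:
        """Handle one ingress frame; returns 'forward', 'drop' or 'errdisable'."""
        src = src.lower()
        if self.status == "Secure-shutdown":
            return "errdisable"            # port is down, nothing passes
        if src in self.secured():
            return "forward"               # known address, no violation
        if len(self.secured()) < self.maximum:
            self.dynamic.append(src)       # free slot: learn it dynamically
            return "forward"
        # Unknown address while the table is full: a violation
        if self.violation == PROTECT:
            return "drop"                  # silently dropped, nothing recorded
        self.violation_count += 1
        self.last_source = src
        if self.violation == SHUTDOWN:
            self.status = "Secure-shutdown"
            self.syslog.append("%PM-4-ERR_DISABLE: psecure-violation error detected on "
                               f"{self.name}, putting {self.name} in err-disable state")
        self.syslog.append("%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation "
                           f"occurred, caused by MAC address {src} on port {self.name}")
        return "errdisable" if self.violation == SHUTDOWN else "drop"


def replay(mode: str, macs):
    """Run the same constructed traffic through a fresh port in the given mode."""
    port = SecurePort("Gi0/11", maximum=2, violation=mode, static={"0006.5b02.a841"})
    actions = [port.frame(m) for m in macs]
    return port, actions


# Constructed traffic: the static host, a second host that fills the last free
# slot, an unknown third host (the violation), then the static host again.
TRAFFIC = ["0006.5b02.a841", "0000.5e00.0101", "0003.a089.efc5", "0006.5b02.a841"]

if __name__ == "__main__":
    for mode in (SHUTDOWN, RESTRICT, PROTECT):
        port, actions = replay(mode, TRAFFIC)
        print(f"{mode:9} {actions} status={port.status} violations={port.violation_count}")
        for line in port.syslog:
            print("   ", line)
```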
As an example of the restrict mode, a switch interface has received the following configuration commands:

interface GigabitEthernet0/11
 switchport access vlan 991
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 spanning-tree portfast

When the default maximum of one MAC address is exceeded on this interface, the condition is logged but
the interface stays up. This is shown by the following syslog message:

Jun 3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/11

In the shutdown mode, the port security action is much more drastic. When the maximum number of MAC
addresses is exceeded, the following syslog messages indicate that the port has been shut down in the errdisable
state:

Jun 3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/11, putting Gi0/11 in err-disable state
Jun 3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/11.
Jun 3 17:14:20.022 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to down
Jun 3 17:14:21.023 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to down
4. Port Status

The show port-security interface command shows the port status, as you can see in the following example:

Switch#show port-security interface gigabitethernet 0/11
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address        : 0003.a089.efc5
Security Violation Count   : 1

To see a quick summary of only the ports in the errdisable state, along with the reason for errdisable, you can use
the show interfaces status err-disabled command, as demonstrated in the following example:

Switch#show interfaces status err-disabled
Port      Name           Status         Reason
Gi0/11    Test port      err-disabled   psecure-violation
Finally, you can display a summary of the port-security status with the show port-security command, as
demonstrated in the following example:

Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/11              5            1                  0         Restrict
      Gi0/12              1            0                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6176
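As an added example (not part of the slides), the following Python reads the two monitoring outputs shown on this page, the PSECURE_VIOLATION / ERR_DISABLE syslog messages and the show port-security table, and joins them per port into alerts a script or SIEM rule could raise. The sample log lines, the third port Gi0/13 and the non-zero violation counts are constructed, and short_name() is an assumed helper that maps long interface names to the abbreviated form the table uses.

```python
"""Turn the port-security monitoring output into alerts.

Added example, not from the original slides: parse_syslog() reads the
%PORT_SECURITY-2-PSECURE_VIOLATION and %PM-4-ERR_DISABLE messages,
parse_summary() reads the 'show port-security' table, and find_problems()
joins the two per port. The sample log lines and table below are constructed
to match the formats shown on the slides.
"""
import re

IFNAME = r"[A-Za-z]+\d+(?:/\d+)+"          # e.g. GigabitEthernet0/11 or Gi0/11
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
    r"caused by MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) "
    rf"on port (?P<port>{IFNAME})")
ERRDISABLE_RE = re.compile(
    rf"%PM-4-ERR_DISABLE: (?P<reason>\S+) error detected on (?P<port>{IFNAME}),")
ROW_RE = re.compile(
    rf"^\s*(?P<port>{IFNAME})\s+(?P<max>\d+)\s+(?P<current>\d+)\s+"
    r"(?P<violations>\d+)\s+(?P<action>\w+)\s*$")


def short_name(ifname: str) -> str:
    """Assumed helper: GigabitEthernet0/11 -> Gi0/11, the form used in the table."""
    m = re.match(r"([A-Za-z]{2})[A-Za-z]*(\d.*)", ifname)
    return m.group(1) + m.group(2) if m else ifname


def parse_syslog(lines):
    """Extract violation and errdisable events from syslog lines."""
    events = []
    for line in lines:
        m = VIOLATION_RE.search(line)
        if m:
            events.append({"type": "violation", "port": short_name(m["port"]), "mac": m["mac"]})
        m = ERRDISABLE_RE.search(line)
        if m:
            events.append({"type": "errdisable", "port": short_name(m["port"]), "reason": m["reason"]})
    return events


def parse_summary(text):
    """Parse the per-port rows of 'show port-security' into a dict keyed by port."""
    table = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            table[m["port"]] = {"max": int(m["max"]), "current": int(m["current"]),
                                "violations": int(m["violations"]), "action": m["action"]}
    return table


def find_problems(summary_text, log_lines):
    """One alert per port: errdisabled, a counted violation, or a protect-mode blind spot."""
    table = parse_summary(summary_text)
    macs, errdisabled = {}, set()
    for e in parse_syslog(log_lines):
        if e["type"] == "violation":
            macs.setdefault(e["port"], []).append(e["mac"])
        elif e["reason"] == "psecure-violation":
            errdisabled.add(e["port"])
    alerts = []
    for port, row in table.items():
        seen = ", ".join(macs.get(port, [])) or "n/a"
        if port in errdisabled:
            alerts.append((port, "errdisabled", f"psecure-violation, offending MAC(s): {seen}"))
        elif row["violations"] or port in macs:
            alerts.append((port, "violation", f"{row['action']} mode, count {row['violations']}, MAC(s): {seen}"))
        elif row["action"] == "Protect" and row["current"] >= row["max"]:
            # Protect keeps no record, so neither the table nor syslog can show violations here
            alerts.append((port, "blind-spot", "protect mode at capacity, violations are not counted or logged"))
    return alerts


# Constructed samples in the formats shown on the slides
SAMPLE_LOG = [
    "Jun 3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/11",
    "Jun 3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/12, putting Gi0/12 in err-disable state",
    "Jun 3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/12.",
]
SAMPLE_SUMMARY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/11              5            1                  1         Restrict
      Gi0/12              1            0                  1         Shutdown
      Gi0/13              2            2                  0         Protect
---------------------------------------------------------------------------
"""

if __name__ == "__main__":
    for alert in find_problems(SAMPLE_SUMMARY, SAMPLE_LOG):
        print(*alert)
```

A port in protect mode reports nothing when it drops violating frames, so the script flags such ports at capacity as a monitoring blind spot instead of assuming they are clean.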
More needs?
Services and Solutions
Products
Remote IpService
Security

Via Ponchielli, 4
20063 Cernusco sul Naviglio (MI), Italy
+39 02 9290 9171
info_ipmax@ipmax.it

About us
IPMAX is the ideal partner for companies seeking quality in products and services.
IPMAX guarantees method and professionalism to support its customers in selecting technologies
with the best quality / price ratio, in the design, installation, commissioning and operation

Unsubscribed: Combat Subscription Fatigue With a Membership Mentality by Head...
 
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...
 
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
GDG Cloud Southlake #33: Boule & Rebala: Effective AppSec in SDLC using Deplo...
 
Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........Bits & Pixels using AI for Good.........
Bits & Pixels using AI for Good.........
 
"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi"Impact of front-end architecture on development cost", Viktor Turskyi
"Impact of front-end architecture on development cost", Viktor Turskyi
 
Accelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish CachingAccelerate your Kubernetes clusters with Varnish Caching
Accelerate your Kubernetes clusters with Varnish Caching
 

Cisco Switch How To - Secure a Switch Port

  • 1. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT
     Secure a Switch Port - CISCO Switch
  • 2.
     1. Port security
     In some environments, a network must be secured by controlling which stations can gain access to the network itself. Where user workstations are stationary, their MAC addresses can always be expected to connect to the same access-layer switch ports. If stations are mobile, their MAC addresses can be learned dynamically or added to a list of addresses to expect on a switch port.
     Catalyst switches offer the port security feature to control port access based on MAC addresses. To configure port security on an access-layer switch port, begin by enabling it with the following interface-configuration command:
        Switch(config-if)#switchport port-security
     Next, you must identify a set of allowed MAC addresses so that the port can grant them access. You can explicitly configure addresses, or they can be learned dynamically from port traffic. On each interface that uses port security, specify the maximum number of MAC addresses that will be allowed access using the following interface-configuration command:
        Switch(config-if)#switchport port-security maximum max-addr
     By default, only one MAC address is allowed access on each switch port. You can set the maximum number of addresses in the range of 1 to 1,024.
  • 3.
     2. Set maximum MAC address
     Each interface using port security dynamically learns MAC addresses by default and expects those addresses to appear on that interface in the future. These are called sticky MAC addresses. MAC addresses are learned as hosts transmit frames on an interface. The interface learns up to the maximum number of addresses allowed. Learned addresses can also be aged out of the table if those hosts are silent for a period of time. By default, no aging occurs.
     For example, to set the maximum number of MAC addresses that can be active on a switch port at any time to two, you could use the following command:
        Switch(config-if)#switchport port-security maximum 2
     You can also statically define one or more MAC addresses on an interface. Any of these addresses are allowed to access the network through the port. Use the following interface-configuration command to define a static address:
        Switch(config-if)#switchport port-security mac-address mac-addr
  • 4.
     The MAC address is given in dotted-triplet format. If the number of static addresses configured is less than the maximum number of addresses secured on a port, the remaining addresses are learned dynamically. Be sure to set the maximum number appropriately. You can use the following command to configure a static address entry on an interface:
        Switch(config-if)#switchport port-security mac-address 0006.5b02.a841
     3. Set reaction to violation
     Finally, you must define how each interface using port security should react if a MAC address is in violation, using the following interface-configuration command:
        Switch(config-if)#switchport port-security violation {shutdown | restrict | protect}
     A violation occurs if more than the maximum number of MAC addresses are learned or if an unknown (not statically defined) MAC address attempts to transmit on the port. The switch port takes one of the following configured actions when a violation is detected:
        • Shutdown - The port is immediately put into the errdisable state, which effectively shuts it down. It must be re-enabled manually or through errdisable recovery to be used again.
        • Restrict - The port is allowed to stay up, but all packets from violating MAC addresses are dropped. The switch keeps a running count of the number of violating packets and can send an SNMP trap and a syslog message as an alert of the violation.
        • Protect - The port is allowed to stay up, as in restrict mode. Although packets from violating addresses are dropped, no record of the violation is kept.
  • 5.
     As an example of the restrict mode, a switch interface has received the following configuration commands:
        interface GigabitEthernet0/11
         switchport access vlan 991
         switchport mode access
         switchport port-security
         switchport port-security violation restrict
         spanning-tree portfast
     When the default maximum of one MAC address is exceeded on this interface, the condition is logged but the interface stays up. This is shown by the following syslog message:
        Jun 3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/11
     In the shutdown mode, the port security action is much more drastic. When the maximum number of MAC addresses is exceeded, the following syslog messages indicate that the port has been shut down in the errdisable state:
        Jun 3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/11, putting Gi0/11 in err-disable state
        Jun 3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/11.
        Jun 3 17:14:20.022 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to down
        Jun 3 17:14:21.023 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to down
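As an added example (not part of the IPMAX slides), the Python below folds the two syslog message types shown above into per-port state, so a monitoring job can tell a restrict-mode alert (port stays up, traffic from the offending MAC is dropped) from a shutdown-mode one (port in errdisable, must be recovered before it carries traffic again). It assumes only the message formats quoted on the slides; the Gi0/12 line in the sample log is constructed.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List

# Cisco IOS syslog messages quoted on the slides: restrict and shutdown modes
# both emit PSECURE_VIOLATION; only shutdown mode also emits PM-4-ERR_DISABLE.
PORT = r"(?P<port>[A-Za-z]+\d+(?:/\d+)+)"
VIOLATION_RE = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by "
    r"MAC address (?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}) on port " + PORT
)
ERRDISABLE_RE = re.compile(r"%PM-4-ERR_DISABLE: psecure-violation error detected on " + PORT)

@dataclass
class PortState:
    violating_macs: List[str] = field(default_factory=list)
    err_disabled: bool = False  # True: the shutdown action fired and the port is down

def short_name(port: str) -> str:
    """PSECURE_VIOLATION says GigabitEthernet0/11, ERR_DISABLE says Gi0/11; key on one form."""
    return port.replace("GigabitEthernet", "Gi")

def parse_psecure_events(lines: List[str]) -> Dict[str, PortState]:
    """Fold syslog lines into per-port state: violating source MACs and errdisable status."""
    state: Dict[str, PortState] = {}
    for line in lines:
        m = VIOLATION_RE.search(line)
        if m:
            state.setdefault(short_name(m.group("port")), PortState()).violating_macs.append(m.group("mac"))
            continue
        m = ERRDISABLE_RE.search(line)
        if m:
            state.setdefault(short_name(m.group("port")), PortState()).err_disabled = True
    return state

def ports_needing_recovery(state: Dict[str, PortState]) -> List[str]:
    """Ports that must be re-enabled manually or via errdisable recovery before reuse."""
    return sorted(port for port, ps in state.items() if ps.err_disabled)

# Sample input: the four shutdown-mode lines quoted on the slides, plus one
# constructed restrict-mode line for Gi0/12 (in restrict mode the port stays up).
SAMPLE_LOG = [
    "Jun 3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/11, putting Gi0/11 in err-disable state",
    "Jun 3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/11.",
    "Jun 3 17:14:20.022 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/11, changed state to down",
    "Jun 3 17:14:21.023 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to down",
    "Jun 3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/12",
]
```

Running `parse_psecure_events(SAMPLE_LOG)` yields Gi0/11 err-disabled with one violating MAC and Gi0/12 up with one violating MAC, mirroring the Shutdown and Restrict rows of the show port-security summary.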
  • 6.
     4. Port status
     The command show port-security interface shows the port status, as you can see in the following example:
        Switch#show port-security interface gigabitethernet 0/11
        Port Security              : Enabled
        Port Status                : Secure-shutdown
        Violation Mode             : Shutdown
        Aging Time                 : 0 mins
        Aging Type                 : Absolute
        SecureStatic Address Aging : Disabled
        Maximum MAC Addresses      : 1
        Total MAC Addresses        : 0
        Configured MAC Addresses   : 0
        Sticky MAC Addresses       : 0
        Last Source Address        : 0003.a089.efc5
        Security Violation Count   : 1
     To see a quick summary of only the ports in the errdisable state, along with the reason for errdisable, you can use the show interfaces status err-disabled command, as demonstrated in the following example:
        Switch#show interfaces status err-disabled
        Port      Name        Status        Reason
        Gi0/11    Test port   err-disabled  psecure-violation
  • 7.
     Finally, you can display a summary of the port-security status with the show port-security command, as demonstrated in the next example:
        Switch#show port-security
        Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                        (Count)       (Count)        (Count)
        ---------------------------------------------------------------------------
             Gi0/11            5            1              0         Restrict
             Gi0/12            1            0              0         Shutdown
        ---------------------------------------------------------------------------
        Total Addresses in System (excluding one mac per port)     : 0
        Max Addresses limit in System (excluding one mac per port) : 6176
  • 8. More Needs?
     Services and Solutions | Products | Remote IpService | Security
     IPMAX, Via Ponchielli, 4, 20063 Cernusco sul Naviglio (MI) – Italy, +39 02 9290 9171, info_ipmax@ipmax.it
     About us: IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation