SlideShare a Scribd company logo

Port Security

NetProtocol Xpert
NetProtocol Xpert

This document discusses port security on Cisco switches. It explains that by default all switch ports are open, allowing any device to connect. Port security allows restricting a port to only allow specific MAC addresses, preventing unauthorized access. It provides steps to configure port security by defining the port as an access port, enabling port security, and specifying allowed MAC addresses. It also describes optional settings like violation actions and maximum MAC addresses. An example configuration is given to demonstrate learning and blocking additional MACs on a port.

Engineering
1 of 8
www.netprotocolxpert.in
 By default, all interfaces on a Cisco switch are turned on.  That means that an attacker could connect to your network through a wall socket and potentially threaten your network.  If you know which devices will be connected to which ports, you can use the Cisco security feature called port security.  By using port security, a network administrator can associate specific MAC addresses with the interface, which can prevent an attacker to connect his device.  This way you can restrict access to an interface so that only the authorized devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for example discarding the traffic and shutting down the port.
 To configure port security, three steps are required: 1. Define the interface as an access interface by using the switchport mode access interface subcommand 2. Enable port security by using the switchport port- security interface subcommand 3. Define which MAC addresses are allowed to send frames through this interface by using the switchport port-security mac-address MAC_ADDRESS interface subcommand or using the swichport port-security mac-address sticky interface subcommand to dynamically learn the MAC address of the currently connected host
 Two steps are optional: 1. Define what action the switch will take when receiving a frame from an unauthorized device by using the port security violation {protect | restrict | shutdown} interface subcommand. All three options discards the traffic from the unauthorized device. The restrict and shutdown options send a log messages when a violation occurs. Shut down mode also shuts down the port. 2. Define the maximum number of MAC addresses that can be used on the port by using the switchport port-security maximum NUMBER interface submode command
 The following example shows the configuration of port security on a Cisco switch:
 First, we need to enable port security and define which MAC addresses are allowed to send frames:
 Next, by using the show port-security interface fa0/1 we can see that the switch has learned the MAC address of host A:
 By default, the maximum number of allowed MAC addresses are one, so if we connect another host to the same port, the security violation will occur:  Status code of „err-disabled“ means that the security violation occurred on the port.  NOTE - to enable the port, we need to use the shutdown and no shutdown interface subcommands

Recommended

Switching and Port Security
Switching and Port Security Switching and Port Security
Switching and Port Security
usman19
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptx
SulSya
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2
samis
 
How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
Switch security
Switch securitySwitch security
Switch security
nullowaspmumbai
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentalsEdgardo Scrimaglia
 
Network switch
Network switchNetwork switch
Network switch
Ravinder Kaur
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 

Recommended

Switching and Port Security
Switching and Port Security Switching and Port Security
Switching and Port Security
usman19
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptx
SulSya
 
Network Security - Layer 2
Network Security - Layer 2Network Security - Layer 2
Network Security - Layer 2
samis
 
How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
Switch security
Switch securitySwitch security
Switch security
nullowaspmumbai
 
Ether channel fundamentals
Ether channel fundamentalsEther channel fundamentals
Ether channel fundamentalsEdgardo Scrimaglia
 
Network switch
Network switchNetwork switch
Network switch
Ravinder Kaur
 
Spanning tree protocol
Spanning tree protocolSpanning tree protocol
Spanning tree protocol
Muuluu
 
Cisco router configuration tutorial
Cisco router configuration tutorialCisco router configuration tutorial
Cisco router configuration tutorialIT Tech
 
Static Routing
Static RoutingStatic Routing
Static Routing
Sachii Dosti
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRPKishore Kumar
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting PresentationTouhidul Fahim
 
Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)welcometofacebook
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewallmohannadalhanahnah
 
IP Routing
IP RoutingIP Routing
IP RoutingRavi Shairaywal
 
Lan technologies
Lan technologiesLan technologies
Lan technologiesManusha Dilan
 
200 301-ccna
200 301-ccna200 301-ccna
200 301-ccna
Jasser Kouki
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
NetProtocol Xpert
 
Spannig tree
Spannig treeSpannig tree
Spannig tree1 2d
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIPCCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
sushmil123
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
Jothi Lakshmi
 
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSDay 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSanilinvns
 
SPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPANSPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPAN
NetProtocol Xpert
 
Open Shortest Path First
Open Shortest Path FirstOpen Shortest Path First
Open Shortest Path FirstKashif Latif
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routing
teknetir
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User Manager
KHNOG
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
AIRTEL
 
CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03
Irsandi Hasan
 
Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port Security
Hamed Moghaddam
 
Port security
Port securityPort security
Port security
borepatch
 

More Related Content

What's hot

Cisco router configuration tutorial
Cisco router configuration tutorialCisco router configuration tutorial
Cisco router configuration tutorialIT Tech
 
Static Routing
Static RoutingStatic Routing
Static Routing
Sachii Dosti
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRPKishore Kumar
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting PresentationTouhidul Fahim
 
Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)welcometofacebook
 
200 301-ccna
200 301-ccna200 301-ccna
200 301-ccna
Jasser Kouki
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
NetProtocol Xpert
 
Spannig tree
Spannig treeSpannig tree
Spannig tree1 2d
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIPCCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
sushmil123
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
Jothi Lakshmi
 
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSDay 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSanilinvns
 
SPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPANSPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPAN
NetProtocol Xpert
 
Open Shortest Path First
Open Shortest Path FirstOpen Shortest Path First
Open Shortest Path FirstKashif Latif
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routing
teknetir
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User Manager
KHNOG
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
AIRTEL
 
CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03
Irsandi Hasan
 

What's hot (20)

Cisco router configuration tutorial
Cisco router configuration tutorialCisco router configuration tutorial
Cisco router configuration tutorial
 
Static Routing
Static RoutingStatic Routing
Static Routing
 
Dynamic Routing IGRP
Dynamic Routing IGRPDynamic Routing IGRP
Dynamic Routing IGRP
 
Subnetting Presentation
Subnetting PresentationSubnetting Presentation
Subnetting Presentation
 
Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)Layer 2 switching fundamentals(networking)
Layer 2 switching fundamentals(networking)
 
CCNP Security-Firewall
CCNP Security-FirewallCCNP Security-Firewall
CCNP Security-Firewall
 
IP Routing
IP RoutingIP Routing
IP Routing
 
Lan technologies
Lan technologiesLan technologies
Lan technologies
 
200 301-ccna
200 301-ccna200 301-ccna
200 301-ccna
 
Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)Dynamic ARP Inspection (DAI)
Dynamic ARP Inspection (DAI)
 
Spannig tree
Spannig treeSpannig tree
Spannig tree
 
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIPCCNA Routing Fundamentals - EIGRP, OSPF and RIP
CCNA Routing Fundamentals - EIGRP, OSPF and RIP
 
IPV6 ADDRESS
IPV6 ADDRESSIPV6 ADDRESS
IPV6 ADDRESS
 
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERSDay 1 INTRODUCTION TO IOS AND CISCO ROUTERS
Day 1 INTRODUCTION TO IOS AND CISCO ROUTERS
 
SPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPANSPAN, RSPAN and ERSPAN
SPAN, RSPAN and ERSPAN
 
Open Shortest Path First
Open Shortest Path FirstOpen Shortest Path First
Open Shortest Path First
 
Chapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routingChapter 16 : inter-vlan routing
Chapter 16 : inter-vlan routing
 
Mikrotik Hotspot User Manager
Mikrotik Hotspot User ManagerMikrotik Hotspot User Manager
Mikrotik Hotspot User Manager
 
CCNA PPT
CCNA PPTCCNA PPT
CCNA PPT
 
CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03CCNA v6.0 ITN - Chapter 03
CCNA v6.0 ITN - Chapter 03
 

Viewers also liked

Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port Security
Hamed Moghaddam
 
Port security
Port securityPort security
Port security
borepatch
 
Ip -subnetting
Ip -subnettingIp -subnetting
Ip -subnettingnithinj54
 
Visual ip subnetting
Visual ip subnettingVisual ip subnetting
Visual ip subnetting
SMC Networks Europe
 
Port Security - Possible Technology Interventions and Solutioning
Port Security - Possible Technology Interventions and SolutioningPort Security - Possible Technology Interventions and Solutioning
Port Security - Possible Technology Interventions and SolutioningAmol Vidwans
 
Container Security Initiative CSI
Container Security Initiative CSIContainer Security Initiative CSI
Container Security Initiative CSI
CargoTrax Singapore Pte Ltd
 
How to create Security on Cisco switch
How to create Security on Cisco switchHow to create Security on Cisco switch
How to create Security on Cisco switchtcpipguru
 
Africa 24 6 2011 Port Security Pdf
Africa 24 6 2011 Port Security PdfAfrica 24 6 2011 Port Security Pdf
Africa 24 6 2011 Port Security Pdf
Firoze Hussain
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
SMC Networks Europe
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
dkaya
 
Mac addresses(media access control)
Mac addresses(media access control)Mac addresses(media access control)
Mac addresses(media access control)Ismail Mukiibi
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
Harris Andrea
 
Subnetting Basics Tutorial
Subnetting Basics TutorialSubnetting Basics Tutorial
Subnetting Basics Tutorial
mikem801
 
Switching
SwitchingSwitching
Switching
sheekha_11
 
Switching Techniques
Switching TechniquesSwitching Techniques
Switching Techniquestameemyousaf
 
Computer network switching
Computer network switchingComputer network switching
Computer network switching
Shivani Godha
 
Medium Access Control
Medium Access ControlMedium Access Control
Medium Access Control
anishgoel
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
IGZ Software house
 
Internet protocol (ip) ppt
Internet protocol (ip) pptInternet protocol (ip) ppt
Internet protocol (ip) ppt
Dulith Kasun
 

Viewers also liked (20)

Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port Security
 
Port security
Port securityPort security
Port security
 
Ip -subnetting
Ip -subnettingIp -subnetting
Ip -subnetting
 
Visual ip subnetting
Visual ip subnettingVisual ip subnetting
Visual ip subnetting
 
Port Security - Possible Technology Interventions and Solutioning
Port Security - Possible Technology Interventions and SolutioningPort Security - Possible Technology Interventions and Solutioning
Port Security - Possible Technology Interventions and Solutioning
 
Container Security Initiative CSI
Container Security Initiative CSIContainer Security Initiative CSI
Container Security Initiative CSI
 
How to create Security on Cisco switch
How to create Security on Cisco switchHow to create Security on Cisco switch
How to create Security on Cisco switch
 
Africa 24 6 2011 Port Security Pdf
Africa 24 6 2011 Port Security PdfAfrica 24 6 2011 Port Security Pdf
Africa 24 6 2011 Port Security Pdf
 
TCP/IP Basics
TCP/IP BasicsTCP/IP Basics
TCP/IP Basics
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Security
 
Mac addresses(media access control)
Mac addresses(media access control)Mac addresses(media access control)
Mac addresses(media access control)
 
Cisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening GuideCisco Router and Switch Security Hardening Guide
Cisco Router and Switch Security Hardening Guide
 
Subnetting Basics Tutorial
Subnetting Basics TutorialSubnetting Basics Tutorial
Subnetting Basics Tutorial
 
Switching
SwitchingSwitching
Switching
 
Switching Techniques
Switching TechniquesSwitching Techniques
Switching Techniques
 
Ip address
Ip addressIp address
Ip address
 
Computer network switching
Computer network switchingComputer network switching
Computer network switching
 
Medium Access Control
Medium Access ControlMedium Access Control
Medium Access Control
 
Ip address and subnetting
Ip address and subnettingIp address and subnetting
Ip address and subnetting
 
Internet protocol (ip) ppt
Internet protocol (ip) pptInternet protocol (ip) ppt
Internet protocol (ip) ppt
 

Similar to Port Security

SRWE_Module_11.pptx
SRWE_Module_11.pptxSRWE_Module_11.pptx
SRWE_Module_11.pptx
Josimar Caitano
 
Cisco Switch How To - Secure a Switch Port
Cisco Switch How To - Secure a Switch PortCisco Switch How To - Secure a Switch Port
Cisco Switch How To - Secure a Switch Port
IPMAX s.r.l.
 
Switchport port security explained with examples
Switchport port security explained with examplesSwitchport port security explained with examples
Switchport port security explained with examples
teameassefa
 
Cap2 configuring switch
Cap2 configuring switchCap2 configuring switch
Cap2 configuring switch
Hector Camba Lainez
 
Configuring dynamic switchport security
Configuring dynamic switchport securityConfiguring dynamic switchport security
Configuring dynamic switchport securityIT Tech
 
Security Concerns in LANs.pptx
Security Concerns in LANs.pptxSecurity Concerns in LANs.pptx
Security Concerns in LANs.pptx
joko
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
BachaSirata
 
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
INFitunes
 
Attack.pptx
Attack.pptxAttack.pptx
Attack.pptx
ISMT College
 
firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.ppt
Raj Kumar
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
Mukesh Chaudhari
 
Ch06-NetworkSecurity2-firewall-tunneling-IDS.ppt
Ch06-NetworkSecurity2-firewall-tunneling-IDS.pptCh06-NetworkSecurity2-firewall-tunneling-IDS.ppt
Ch06-NetworkSecurity2-firewall-tunneling-IDS.ppt
gocokir267
 
A firewall is a network security device.
A firewall is a network security device.A firewall is a network security device.
A firewall is a network security device.
abidhassan225
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection system
newbie2019
 
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationLAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
Abdelkhalik Mosa
 
Capitulo 6 v 2 0
Capitulo 6 v 2 0Capitulo 6 v 2 0
Capitulo 6 v 2 0
milkux
 

Similar to Port Security (20)

SRWE_Module_11.pptx
SRWE_Module_11.pptxSRWE_Module_11.pptx
SRWE_Module_11.pptx
 
Cisco Switch How To - Secure a Switch Port
Cisco Switch How To - Secure a Switch PortCisco Switch How To - Secure a Switch Port
Cisco Switch How To - Secure a Switch Port
 
Switchport port security explained with examples
Switchport port security explained with examplesSwitchport port security explained with examples
Switchport port security explained with examples
 
Cap2 configuring switch
Cap2 configuring switchCap2 configuring switch
Cap2 configuring switch
 
Configuring dynamic switchport security
Configuring dynamic switchport securityConfiguring dynamic switchport security
Configuring dynamic switchport security
 
Security Concerns in LANs.pptx
Security Concerns in LANs.pptxSecurity Concerns in LANs.pptx
Security Concerns in LANs.pptx
 
Chapter_Five[1].ppt
Chapter_Five[1].pptChapter_Five[1].ppt
Chapter_Five[1].ppt
 
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
 
Netdefender
NetdefenderNetdefender
Netdefender
 
Attack.pptx
Attack.pptxAttack.pptx
Attack.pptx
 
firewalls.ppt
firewalls.pptfirewalls.ppt
firewalls.ppt
 
Net Defender
Net DefenderNet Defender
Net Defender
 
Wp ci securing_layer2
Wp ci securing_layer2Wp ci securing_layer2
Wp ci securing_layer2
 
Attacks and their mitigations
Attacks and their mitigationsAttacks and their mitigations
Attacks and their mitigations
 
Ch06-NetworkSecurity2-firewall-tunneling-IDS.ppt
Ch06-NetworkSecurity2-firewall-tunneling-IDS.pptCh06-NetworkSecurity2-firewall-tunneling-IDS.ppt
Ch06-NetworkSecurity2-firewall-tunneling-IDS.ppt
 
A firewall is a network security device.
A firewall is a network security device.A firewall is a network security device.
A firewall is a network security device.
 
Ch6
Ch6Ch6
Ch6
 
Pertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection systemPertemuan 9 intrusion detection system
Pertemuan 9 intrusion detection system
 
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationLAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
 
Capitulo 6 v 2 0
Capitulo 6 v 2 0Capitulo 6 v 2 0
Capitulo 6 v 2 0
 

More from NetProtocol Xpert

Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
NetProtocol Xpert
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
NetProtocol Xpert
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & Mitigation
NetProtocol Xpert
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
NetProtocol Xpert
 
IP Source Guard
IP Source Guard IP Source Guard
IP Source Guard
NetProtocol Xpert
 
DHCP Snooping
DHCP SnoopingDHCP Snooping
DHCP Snooping
NetProtocol Xpert
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
NetProtocol Xpert
 
Application & Data Center
Application & Data CenterApplication & Data Center
Application & Data Center
NetProtocol Xpert
 
Cisco ISR 4351 Router
Cisco ISR 4351 RouterCisco ISR 4351 Router
Cisco ISR 4351 Router
NetProtocol Xpert
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
NetProtocol Xpert
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
NetProtocol Xpert
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
NetProtocol Xpert
 
Avoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandAvoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a command
NetProtocol Xpert
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and Switches
NetProtocol Xpert
 
Private VLANs
Private VLANsPrivate VLANs
Private VLANs
NetProtocol Xpert
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
NetProtocol Xpert
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
NetProtocol Xpert
 
Cisco OTV 
Cisco OTV Cisco OTV 
Cisco OTV 
NetProtocol Xpert
 
OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)
NetProtocol Xpert
 
Regular expression examples
Regular expression examplesRegular expression examples
Regular expression examples
NetProtocol Xpert
 

More from NetProtocol Xpert (20)

Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)Basic Cisco ASA 5506-x Configuration (Firepower)
Basic Cisco ASA 5506-x Configuration (Firepower)
 
MPLS Layer 3 VPN
MPLS Layer 3 VPN MPLS Layer 3 VPN
MPLS Layer 3 VPN
 
Common Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & MitigationCommon Layer 2 Threats, Attacks & Mitigation
Common Layer 2 Threats, Attacks & Mitigation
 
Storm-Control
Storm-ControlStorm-Control
Storm-Control
 
IP Source Guard
IP Source Guard IP Source Guard
IP Source Guard
 
DHCP Snooping
DHCP SnoopingDHCP Snooping
DHCP Snooping
 
Password Recovery
Password RecoveryPassword Recovery
Password Recovery
 
Application & Data Center
Application & Data CenterApplication & Data Center
Application & Data Center
 
Cisco ISR 4351 Router
Cisco ISR 4351 RouterCisco ISR 4351 Router
Cisco ISR 4351 Router
 
Cisco ASR 1001-X Router
Cisco ASR 1001-X RouterCisco ASR 1001-X Router
Cisco ASR 1001-X Router
 
Securing management, control & data plane
Securing management, control & data planeSecuring management, control & data plane
Securing management, control & data plane
 
Point to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAPPoint to-point protocol (ppp), PAP & CHAP
Point to-point protocol (ppp), PAP & CHAP
 
Avoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a commandAvoid DNS lookup when mistyping a command
Avoid DNS lookup when mistyping a command
 
TCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and SwitchesTCLSH and Macro Ping Test on Cisco Routers and Switches
TCLSH and Macro Ping Test on Cisco Routers and Switches
 
Private VLANs
Private VLANsPrivate VLANs
Private VLANs
 
MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)MTU (maximum transmission unit) & MRU (maximum receive unit)
MTU (maximum transmission unit) & MRU (maximum receive unit)
 
OTV Configuration
OTV ConfigurationOTV Configuration
OTV Configuration
 
Cisco OTV 
Cisco OTV Cisco OTV 
Cisco OTV 
 
OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)OTV(Overlay Transport Virtualization)
OTV(Overlay Transport Virtualization)
 
Regular expression examples
Regular expression examplesRegular expression examples
Regular expression examples
 

Recently uploaded

Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Dr.Costas Sachpazis
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
fxintegritypublishin
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
Kamal Acharya
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
FluxPrime1
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
MdTanvirMahtab2
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
Osamah Alsalih
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation & Control
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
Intella Parts
 
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and servicesPlanning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
JoytuBarua2
 
The role of big data in decision making.
The role of big data in decision making.The role of big data in decision making.
The role of big data in decision making.
ankuprajapati0525
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
Neometrix_Engineering_Pvt_Ltd
 
road safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdfroad safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
VENKATESHvenky89705
 
addressing modes in computer architecture
addressing modes in computer architectureaddressing modes in computer architecture
addressing modes in computer architecture
ShahidSultan24
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Sreedhar Chowdam
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
Kamal Acharya
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
Kamal Acharya
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
MuhammadTufail242431
 
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSETECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
DuvanRamosGarzon1
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
MLILAB
 

Recently uploaded (20)

Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
Sachpazis:Terzaghi Bearing Capacity Estimation in simple terms with Calculati...
 
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdfHybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
Hybrid optimization of pumped hydro system and solar- Engr. Abdul-Azeez.pdf
 
Cosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdfCosmetic shop management system project report.pdf
Cosmetic shop management system project report.pdf
 
DESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docxDESIGN A COTTON SEED SEPARATION MACHINE.docx
DESIGN A COTTON SEED SEPARATION MACHINE.docx
 
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
Industrial Training at Shahjalal Fertilizer Company Limited (SFCL)
 
MCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdfMCQ Soil mechanics questions (Soil shear strength).pdf
MCQ Soil mechanics questions (Soil shear strength).pdf
 
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdfJ.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
J.Yang, ICLR 2024, MLILAB, KAIST AI.pdf
 
Water Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdfWater Industry Process Automation and Control Monthly - May 2024.pdf
Water Industry Process Automation and Control Monthly - May 2024.pdf
 
Forklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella PartsForklift Classes Overview by Intella Parts
Forklift Classes Overview by Intella Parts
 
Planning Of Procurement o different goods and services
Planning Of Procurement o different goods and servicesPlanning Of Procurement o different goods and services
Planning Of Procurement o different goods and services
 
The role of big data in decision making.
The role of big data in decision making.The role of big data in decision making.
The role of big data in decision making.
 
Standard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - NeometrixStandard Reomte Control Interface - Neometrix
Standard Reomte Control Interface - Neometrix
 
road safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdfroad safety engineering r s e unit 3.pdf
road safety engineering r s e unit 3.pdf
 
addressing modes in computer architecture
addressing modes in computer architectureaddressing modes in computer architecture
addressing modes in computer architecture
 
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&BDesign and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
Design and Analysis of Algorithms-DP,Backtracking,Graphs,B&B
 
Courier management system project report.pdf
Courier management system project report.pdfCourier management system project report.pdf
Courier management system project report.pdf
 
Automobile Management System Project Report.pdf
Automobile Management System Project Report.pdfAutomobile Management System Project Report.pdf
Automobile Management System Project Report.pdf
 
Halogenation process of chemical process industries
Halogenation process of chemical process industriesHalogenation process of chemical process industries
Halogenation process of chemical process industries
 
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSETECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
TECHNICAL TRAINING MANUAL GENERAL FAMILIARIZATION COURSE
 
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdfH.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
H.Seo, ICLR 2024, MLILAB, KAIST AI.pdf
 

Port Security

  • 2.  By default, all interfaces on a Cisco switch are turned on.  That means that an attacker could connect to your network through a wall socket and potentially threaten your network.  If you know which devices will be connected to which ports, you can use the Cisco security feature called port security.  By using port security, a network administrator can associate specific MAC addresses with the interface, which can prevent an attacker to connect his device.  This way you can restrict access to an interface so that only the authorized devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for example discarding the traffic and shutting down the port.
  • 3.  To configure port security, three steps are required: 1. Define the interface as an access interface by using the switchport mode access interface subcommand 2. Enable port security by using the switchport port- security interface subcommand 3. Define which MAC addresses are allowed to send frames through this interface by using the switchport port-security mac-address MAC_ADDRESS interface subcommand or using the swichport port-security mac-address sticky interface subcommand to dynamically learn the MAC address of the currently connected host
  • 4.  Two steps are optional: 1. Define what action the switch will take when receiving a frame from an unauthorized device by using the port security violation {protect | restrict | shutdown} interface subcommand. All three options discards the traffic from the unauthorized device. The restrict and shutdown options send a log messages when a violation occurs. Shut down mode also shuts down the port. 2. Define the maximum number of MAC addresses that can be used on the port by using the switchport port-security maximum NUMBER interface submode command
  • 5.  The following example shows the configuration of port security on a Cisco switch:
  • 6.  First, we need to enable port security and define which MAC addresses are allowed to send frames:
  • 7.  Next, by using the show port-security interface fa0/1 we can see that the switch has learned the MAC address of host A:
  • 8.  By default, the maximum number of allowed MAC addresses are one, so if we connect another host to the same port, the security violation will occur:  Status code of „err-disabled“ means that the security violation occurred on the port.  NOTE - to enable the port, we need to use the shutdown and no shutdown interface subcommands