SlideShare a Scribd company logo

How to Configure Port-Security on Cisco Switch for Enhanced Network Security .pptx

Download as PPTX, PDF
INFitunes, profile picture
INFitunes

Switch port security can be configured to restrict access to ports by limiting the number of MAC addresses and enforcing violations. The steps are: 1. Set the interface mode to access and enable port security. 2. Set the maximum secure MAC addresses and violation mode which can be protect, restrict, or shutdown. 3. Configure the rate limit for invalid source MAC addresses and specify allowed secure MAC addresses.

Technology
1 of 4
Download to read offline
1
2
Most read
3
Most read
4
Most read
192.168.20.0/30 .1 .2 Restrict Switch Port Security Shutdown | Restrict | Protect
Switchport security-part-01 Violation: shutdown Step 1: Enter interface configuration mode and input the physical interface to configure. We will be using FastEthernet 0/2 as an example. Switch(config)# interface FastEthernet 0/2 Step 2: Set the interface mode to access. The default mode, which is dynamic desirable, cannot be configured to be a secured port. Switch(config-if)# switchport mode access Step 3: Enable port security on the interface. Switch(config-if)# switchport port-security Step 4: Set the maximum number of secure MAC addresses for the interface, which ranges from 1 to 3072, wherein the default value is 1. Switch(config-if)# switchport port-security maximum {1-3072}
Switch port Action During the Port security Violation Protect Restrict Shutdown Discard Offending Traffic Yes Yes Yes Sends log and SNMP message No Yes Yes Disable the interface by putting it in an err-disabled state, discarding all No No Yes Step 5: Configure the violation mode on the port. Actions that shall be taken when a security violation is detected. Refer to the table below for the actions to be taken. Switch(config-if)# switchport port-security violation {protect| restrict | shutdown} NOTE: When a secure port is in an error-disabled state, you can bring it out of the state by issuing the command ‘errdisable recovery cause psecure-violation’ at the global configuration mode, or you can manually reenable it by entering the ‘shutdown’ and ‘no shutdown’ commands.
Step 6: Set the rate limit for bad packets. Switch(config-if)# switchport port-security limit rate invalid-source-mac Step 7: Input the identified secure MAC addresses for the interface. You can use this command to limit the maximum number of secure MAC addresses. If in case, you configure fewer secure MAC addresses than the maximum, then the remaining MAC addresses are dynamically learned. Switch(config-if)# switchport port-security mac-address {mac_address} Step 8: Verify your configuration by the following commands below. Switch# show port-security address interface FastEthernet 2/1 Switch# show port-security address

More Related Content

DOCX
Switchport port security explained with examples
teameassefa
 
PPTX
Security Concerns in LANs.pptx
joko
 
PDF
Cisco Switch How To - Secure a Switch Port
IPMAX s.r.l.
 
PPT
Cap2 configuring switch
Hector Camba Lainez
 
PPTX
SRWE_Module_11.pptx
Josimar Caitano
 
DOCX
Configuring dynamic switchport security
IT Tech
 
PPTX
Switch security
nullowaspmumbai
 
PPT
Chapter 14 - Sw Conf
phanleson
 
Switchport port security explained with examples
teameassefa
 
Security Concerns in LANs.pptx
joko
 
Cisco Switch How To - Secure a Switch Port
IPMAX s.r.l.
 
Cap2 configuring switch
Hector Camba Lainez
 
SRWE_Module_11.pptx
Josimar Caitano
 
Configuring dynamic switchport security
IT Tech
 
Switch security
nullowaspmumbai
 
Chapter 14 - Sw Conf
phanleson
 

Similar to How to Configure Port-Security on Cisco Switch for Enhanced Network Security .pptx (20)

DOCX
How to configure port security in cisco switch
IT Tech
 
PPTX
Network Security- port security.pptx
SulSya
 
PPT
Ch6
scary5800
 
PDF
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
PPT
Cisco Training CCNA and Routing Switching.ppt
AniruddhSharma65
 
PDF
2.2.4.9 packet tracer configuring switch port security instructions - ig
Alex Ramirez
 
PPTX
Port Security
NetProtocol Xpert
 
PDF
Hướng dẫn cài đặt switch planet layer 3
3c telecom
 
PDF
CCNA Lab 2-Configuring a Switch Part II
Amir Jafari
 
PDF
Securing Switch Access
Netwax Lab
 
PPTX
Cisco CCNA Port Security
Hamed Moghaddam
 
PPT
Mitigating Layer2 Attacks
dkaya
 
PDF
Communication & switching networks lab manual
MUSAAB HASAN
 
PPTX
Session 2
ahmed elmeghiny
 
PDF
Nat mikrotik
louisraj
 
PDF
How can you configure Wireshark to always recognize port 444 as an S.pdf
arkleatheray
 
PPTX
Switching techniques in networking and uses
lochanraj1
 
PPTX
Layer 2 Attacks and Defense Techniques.pptx
ssuser46e032
 
PPS
Ccna Imp Guide
abhijitgnbbl
 
PPT
Cisco Security Training on ASA and FMC.ppt.ppt
AniruddhSharma65
 
How to configure port security in cisco switch
IT Tech
 
Network Security- port security.pptx
SulSya
 
Ch6
scary5800
 
6.5.1.2 packet tracer layer 2 security instructor
Salem Trabelsi
 
Cisco Training CCNA and Routing Switching.ppt
AniruddhSharma65
 
2.2.4.9 packet tracer configuring switch port security instructions - ig
Alex Ramirez
 
Port Security
NetProtocol Xpert
 
Hướng dẫn cài đặt switch planet layer 3
3c telecom
 
CCNA Lab 2-Configuring a Switch Part II
Amir Jafari
 
Securing Switch Access
Netwax Lab
 
Cisco CCNA Port Security
Hamed Moghaddam
 
Mitigating Layer2 Attacks
dkaya
 
Communication & switching networks lab manual
MUSAAB HASAN
 
Session 2
ahmed elmeghiny
 
Nat mikrotik
louisraj
 
How can you configure Wireshark to always recognize port 444 as an S.pdf
arkleatheray
 
Switching techniques in networking and uses
lochanraj1
 
Layer 2 Attacks and Defense Techniques.pptx
ssuser46e032
 
Ccna Imp Guide
abhijitgnbbl
 
Cisco Security Training on ASA and FMC.ppt.ppt
AniruddhSharma65
 
Ad

More from INFitunes (9)

PPT
ppt cisco exam-001.ppt
INFitunes
 
PPTX
info grapic template.pptx
INFitunes
 
PPTX
IP Subnetting for IPv4.pptx
INFitunes
 
PPTX
Disadvantage Of SSD and limitations
INFitunes
 
PPTX
Spanning Tree Protocol and Examples
INFitunes
 
PPTX
VLAN, VTP, DTP, Ether channel Cheat Sheet With examples.pptx
INFitunes
 
PPTX
Computer mamory units
INFitunes
 
PPTX
Basic interview question for Ether Channel.
INFitunes
 
PPSX
The osi model layers
INFitunes
 
ppt cisco exam-001.ppt
INFitunes
 
info grapic template.pptx
INFitunes
 
IP Subnetting for IPv4.pptx
INFitunes
 
Disadvantage Of SSD and limitations
INFitunes
 
Spanning Tree Protocol and Examples
INFitunes
 
VLAN, VTP, DTP, Ether channel Cheat Sheet With examples.pptx
INFitunes
 
Computer mamory units
INFitunes
 
Basic interview question for Ether Channel.
INFitunes
 
The osi model layers
INFitunes
 
Ad

Recently uploaded (20)

PDF
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
PPT
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
PDF
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
PDF
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
PPTX
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
PDF
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
PDF
August Patch Tuesday
Ivanti
 
PDF
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
PDF
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
PPTX
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
PDF
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
PPTX
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
PDF
Getting Started with Data Integration: FME Form 101
Safe Software
 
PPTX
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
PDF
project resource management chapter-09.pdf
ssuser00e6e21
 
PDF
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
PPTX
The various Industrial Revolutions .pptx
bandileshozi3
 
PDF
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
PDF
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
PDF
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 
Enhancing emotion recognition model for a student engagement use case through...
IAESIJAI
 
Module 1.ppt Iot fundamentals and Architecture
nanditha7766
 
Univ-Connecticut-ChatGPT-Presentaion.pdf
ry7r52mzb4
 
TrustArc Webinar - Click, Consent, Trust: Winning the Privacy Game
TrustArc
 
observCloud-Native Containerability and monitoring.pptx
anupsingh76937
 
Hindi spoken digit analysis for native and non-native speakers
IAESIJAI
 
August Patch Tuesday
Ivanti
 
ENT215_Completing-a-large-scale-migration-and-modernization-with-AWS.pdf
ssuser28425f
 
Zenith AI: Advanced Artificial Intelligence
Biz Preneurs
 
TechTalks-8-2019-Service-Management-ITIL-Refresh-ITIL-4-Framework-Supports-Ou...
bonakiduza1024
 
DASA ADMISSION 2024_FirstRound_FirstRank_LastRank.pdf
rameswartudu05
 
OMC Textile Division Presentation 2021.pptx
JahangirAlam816069
 
Getting Started with Data Integration: FME Form 101
Safe Software
 
TLE Review Electricity (Electricity).pptx
JayPolicarpio2
 
project resource management chapter-09.pdf
ssuser00e6e21
 
Architecture types and enterprise applications.pdf
ChristopherTHyatt
 
The various Industrial Revolutions .pptx
bandileshozi3
 
DP Operators-handbook-extract for the Mautical Institute
LeonelMejiaLarios
 
1 - Historical Antecedents, Social Consideration.pdf
tuazon2030627
 
NewMind AI Weekly Chronicles – August ’25 Week III
NewMind AI
 

How to Configure Port-Security on Cisco Switch for Enhanced Network Security .pptx

  • 1. 192.168.20.0/30 .1 .2 Restrict Switch Port Security Shutdown | Restrict | Protect
  • 2. Switchport security-part-01 Violation: shutdown Step 1: Enter interface configuration mode and input the physical interface to configure. We will be using FastEthernet 0/2 as an example. Switch(config)# interface FastEthernet 0/2 Step 2: Set the interface mode to access. The default mode, which is dynamic desirable, cannot be configured to be a secured port. Switch(config-if)# switchport mode access Step 3: Enable port security on the interface. Switch(config-if)# switchport port-security Step 4: Set the maximum number of secure MAC addresses for the interface, which ranges from 1 to 3072, wherein the default value is 1. Switch(config-if)# switchport port-security maximum {1-3072}
  • 3. Switch port Action During the Port security Violation Protect Restrict Shutdown Discard Offending Traffic Yes Yes Yes Sends log and SNMP message No Yes Yes Disable the interface by putting it in an err-disabled state, discarding all No No Yes Step 5: Configure the violation mode on the port. Actions that shall be taken when a security violation is detected. Refer to the table below for the actions to be taken. Switch(config-if)# switchport port-security violation {protect| restrict | shutdown} NOTE: When a secure port is in an error-disabled state, you can bring it out of the state by issuing the command ‘errdisable recovery cause psecure-violation’ at the global configuration mode, or you can manually reenable it by entering the ‘shutdown’ and ‘no shutdown’ commands.
  • 4. Step 6: Set the rate limit for bad packets. Switch(config-if)# switchport port-security limit rate invalid-source-mac Step 7: Input the identified secure MAC addresses for the interface. You can use this command to limit the maximum number of secure MAC addresses. If in case, you configure fewer secure MAC addresses than the maximum, then the remaining MAC addresses are dynamically learned. Switch(config-if)# switchport port-security mac-address {mac_address} Step 8: Verify your configuration by the following commands below. Switch# show port-security address interface FastEthernet 2/1 Switch# show port-security address