Cisco switchport security
Yeah, this is for reference only, not a tutorial, so please do not be too critical. The output is from Cisco Packet Tracer 6.1.
Configure
interface FastEthernet0/1
 switchport mode access
 !
 switchport port-security !enables port-security feature, if not applied the port security status will be disabled and sticky mac addresses can't be learnt
 switchport port-security maximum 2 !maximum mac addresses allowed
 switchport port-security mac-address sticky !enables sticky mac addresses learning
 switchport port-security violation restrict !sets violation policy to restrict
 switchport port-security mac-address sticky 00E0.B027.2245 !saves learnt mac address to configuration file
Verify
S1#sh port-security interface fa0/1
Port Security              : Enabled #because of switchport port-security command applied
Port Status                : Secure-up
Violation Mode             : Restrict #because of switchport port-security violation restrict, shutdown is the default policy
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2 #because of switchport port-security maximum 2 command
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00E0.B027.2245:1
Security Violation Count   : 0

S1#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
               (Count)       (Count)        (Count)
--------------------------------------------------------------------
        Fa0/1        2          1                 0         Restrict
        Fa0/2        2          1                 0         Shutdown
----------------------------------------------------------------------

S1#sh port-security address
                Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type            Ports              Remaining Age
                                                                (mins)
----    -----------       ----            -----              -------------
1       00E0.B027.2245    SecureSticky    FastEthernet0/1         -
1       0001.647C.697E    SecureSticky    FastEthernet0/2         -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024

S1#sh int fastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q
Operational Trunking Encapsulation: native
Negotiation of Trunking: Off
Access Mode VLAN: 1 (default)
Trunking Native Mode VLAN: 1 (default)
Voice VLAN: none
Administrative private-vlan host-association: none
Administrative private-vlan mapping: none
Administrative private-vlan trunk native VLAN: none
Administrative private-vlan trunk encapsulation: dot1q
Administrative private-vlan trunk normal VLANs: none
Administrative private-vlan trunk private VLANs: none
Operational private-vlan: none
Trunking VLANs Enabled: ALL
Pruning VLANs Enabled: 2-1001
Capture Mode Disabled
Capture VLANs Allowed: ALL
Protected: false
Appliance trust: none
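An added example, not part of the original page: a small Python audit of the `sh port-security interface` output shown under Verify, flagging the fields that deserve a closer look. The sample text, its violation count and the function names are constructed for the example.

```python
import re

# Constructed sample in the format of "sh port-security interface";
# the violation count and the full address table are made up.
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Maximum MAC Addresses      : 2
Total MAC Addresses        : 2
Sticky MAC Addresses       : 2
Last Source Address:Vlan   : 00E0.B027.2245:1
Security Violation Count   : 7
"""

# "Key : Value" with whitespace around the colon, so the colon inside
# "Last Source Address:Vlan" stays part of the key.
FIELD = re.compile(r"^\s*(.+?)\s+:\s+(.*)$")

def parse_port_security(text):
    """Return {field: value} from 'sh port-security interface' output."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            # Drop trailing '#...' annotations like the ones used on this page.
            fields[m.group(1)] = m.group(2).split("#")[0].strip()
    return fields

def audit(fields):
    """Return a list of findings for one port."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is err-disabled after a violation")
    violations = int(fields.get("Security Violation Count", "0"))
    if violations > 0:
        findings.append(f"{violations} violation(s) in {fields.get('Violation Mode')} mode")
    total = int(fields.get("Total MAC Addresses", "0"))
    maximum = int(fields.get("Maximum MAC Addresses", "0"))
    if maximum and total >= maximum:
        findings.append(f"address table full ({total}/{maximum})")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)):
        print("Fa0/1:", finding)
```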