filmov
tv
How to configure port security on CISCO Switch
Показать описание
Port security is easy to configured and it allows you to secure access to a port based upon a MAC address basis.
Port security can also configured locally and has no mechanism for controlling port security in a centralized fashion for distributed switches.
Port security is normally configured on ports that connect servers or fixed devices, because the likelihood of the MAC address changing on that port is low.
A common example of using basic port security is applying it to a port that is in an area of the physical premises that is publicly accessible.
This could include a meeting room or reception area available for public usage. By restricting the port to accept only the MAC address of the authorized device,
you prevent unauthorized access if somebody plugged another device into the port.
By default, the switchport security feature is disabled on all switchports and must be enabled
This step is also optional, but you can define the action to take when a violation occurs on that interface or interfaces. The default is to shut down the interface or interfaces.
The command to configure this is as follows "switch port-security violation { protect | restrict | shutdown }"
Protect which discards the traffic but keeps the port up and does not send a SNMP message.
Restrict which discards the traffic and sends a SNMP message but keeps the port up
Shutdown which discards the traffic sends a SNMP message and disables the port. (This is the default behavior is no setting is specified.)
Here you can download directly from my file for GNS3 resources needed.
An Access port (or “untagged port” in the non Cisco world) is a switch port which carries traffic for only one VLAN.
A Trunk port (or “tagged port” in the non Cisco world) is a switch port which carries traffic for multiple VLANs.
When frames traverse a Trunk port, a VLAN tag is added to distinguish which frames belong to which VLANs.
Access ports do not require a VLAN tag, since all incoming and outgoing frames belong to a single VLAN.
Basic switches, called ‘unmanaged switches’ have only simple functionality. They have no configurable VLAN support. This means that all hosts on the switch are still part of the same broadcast domain.
Managed switches allow for traffic separation by using VLANs. While managed switches are common today, unmanaged switches are still plentiful.
VLAN: Virtual Local Area Network reduce the broadcast domain and separate the LAN into different subnet.
VLANs can be used to partition a local network into several distinctive segments, for instance:
-Production
-Server Farm
-Voice over IP
-Network management
-Storage area network (SAN)
-Guest Internet access
-Demilitarized zone (DMZ)
If you like my video please like, comment, subscribe for more videos.
Port security can also configured locally and has no mechanism for controlling port security in a centralized fashion for distributed switches.
Port security is normally configured on ports that connect servers or fixed devices, because the likelihood of the MAC address changing on that port is low.
A common example of using basic port security is applying it to a port that is in an area of the physical premises that is publicly accessible.
This could include a meeting room or reception area available for public usage. By restricting the port to accept only the MAC address of the authorized device,
you prevent unauthorized access if somebody plugged another device into the port.
By default, the switchport security feature is disabled on all switchports and must be enabled
This step is also optional, but you can define the action to take when a violation occurs on that interface or interfaces. The default is to shut down the interface or interfaces.
The command to configure this is as follows "switch port-security violation { protect | restrict | shutdown }"
Protect which discards the traffic but keeps the port up and does not send a SNMP message.
Restrict which discards the traffic and sends a SNMP message but keeps the port up
Shutdown which discards the traffic sends a SNMP message and disables the port. (This is the default behavior is no setting is specified.)
Here you can download directly from my file for GNS3 resources needed.
An Access port (or “untagged port” in the non Cisco world) is a switch port which carries traffic for only one VLAN.
A Trunk port (or “tagged port” in the non Cisco world) is a switch port which carries traffic for multiple VLANs.
When frames traverse a Trunk port, a VLAN tag is added to distinguish which frames belong to which VLANs.
Access ports do not require a VLAN tag, since all incoming and outgoing frames belong to a single VLAN.
Basic switches, called ‘unmanaged switches’ have only simple functionality. They have no configurable VLAN support. This means that all hosts on the switch are still part of the same broadcast domain.
Managed switches allow for traffic separation by using VLANs. While managed switches are common today, unmanaged switches are still plentiful.
VLAN: Virtual Local Area Network reduce the broadcast domain and separate the LAN into different subnet.
VLANs can be used to partition a local network into several distinctive segments, for instance:
-Production
-Server Farm
-Voice over IP
-Network management
-Storage area network (SAN)
-Guest Internet access
-Demilitarized zone (DMZ)
If you like my video please like, comment, subscribe for more videos.
0:04:11
0:05:32
0:05:00
0:23:23
0:15:41
0:11:01
0:01:28
0:18:02
0:45:38
0:34:28
0:17:42
0:15:41
0:11:26
0:19:41
0:04:24
0:14:15
0:06:31
0:06:31
0:04:18
0:01:57
0:11:49
0:08:01
![[CCNA v6] Packet](https://i.ytimg.com/vi/IkARdosEGxc/hqdefault.jpg)
0:08:27
0:21:32