Port-Security:
Port-Security protects us from unauthorized users to connect the Network / or to reach the internet / to reach the Server.
How Port-Security Works:
When the request is from the legitimate Mac-Address, the frames will be allowed, or else it will be stopped.
We can make the Legitimate Mac-Address with the help of Mac-Binding.
Port Security Violation Modes:
Protect : Ethernet Frames from the Mac-Address that are not allowed will be dropped but you wont receive any logging information.
Restrict : Ethernet Frames from the Mac-Address that are not allowed will be dropped but you will see logging information.
Shutdown : Ethernet Frames from the Mac-Address that are not allowed will cause the interface to go to err-disable state. You will also see logging information. For recovery from err-disable state , we have 2 options
Manual : The default aging time is zero, so you have to enable it yourself by using shutdown and no shutdown command. (Note : no shutdown alone is not enough )
Automatic : We need to set the aging timer value
Port-Security Configuration :
(config)#interface FastEthernet0/1
(config-if)#switchport mode access
(config-if)#switchport port-security
(config-if)#switchport port-security mac-address sticky
(config-if)#switchport port-security violation restrict
(config-if)#switchport port-security mac-address AAAA.BBBB.CCCC
You can also look into the Video Tutorial:
That's it about port-Security. If you have any queries just give a comment.
Post a Comment
Post a Comment