30 July, 2014

Port-Security Access Port

# Attack Scenario

Port Security to the rescue
- Dynamic, Static, Sticky
- Violation Actions
- Access or Trunk

SW2(config)#default interface fa0/1
Interface FastEthernet0/1 set to default configuration

SW2(config)#int fas 0/1

! Set the port type (port security cannot be enabled on a dynamic port)
SW2(config-if)#switchport mode access

! Set the access VLAN
SW2(config-if)#switchport access vlan 123

! Set the maximum MAC addresses, default is 1
SW2(config-if)#switchport port-security maximum 5

! Set aging parameters: 5 minutes of inactivity
SW2(config-if)#switchport port-security aging type inactivity
SW2(config-if)#switchport port-security aging time 5

! Set violation action, default is shutdown
SW2(config-if)#switchport port-security violation restrict

! Add a static MAC address
SW2(config-if)#switchport port-security mac-address 0000.6783.0000

! Remember to enable the feature
SW2(config-if)#switchport port-security

SW2(config-if)#do show run in fas 0/1
!
interface FastEthernet0/1
 switchport access vlan 123
 switchport mode access
 switchport port-security maximum 5
 switchport port-security
 switchport port-security aging time 5
 switchport port-security violation restrict
 switchport port-security aging type inactivity
 switchport port-security mac-address 0000.6783.0000
end

SW2(config-if)#do show port-security address
          Secure Mac Address Table
------------------------------------------------------------------------
Vlan    Mac Address       Type                     Ports   Remaining Age
                                                              (mins)
----    -----------       ----                     -----   -------------
 123    0000.6783.0000    SecureConfigured         Fa0/1        -
------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 5120

SW2(config-if)#do show port-security interface fas 0/1
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Restrict
Aging Time                 : 5 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 5
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
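
The following is an added example, not part of the original post: a small Python check that parses the `show port-security interface` output above and reports what a reviewer would look for (feature enabled, violation mode, violation counter, err-disabled state). The function names and the `max_allowed` threshold are assumptions for illustration; the sample text is the output shown on this page.

```python
# Output of "show port-security interface fas 0/1" as shown on this page.
SAMPLE = """\
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Restrict
Aging Time                 : 5 mins
Aging Type                 : Inactivity
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 5
Total MAC Addresses        : 1
Configured MAC Addresses   : 1
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
"""

def parse_port_security(text):
    """Turn 'Key : Value' lines into a dict, splitting on the first ' : ' only
    so that 'Last Source Address:Vlan' and its 'mac:vlan' value stay intact."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def audit(fields, max_allowed=5):
    """Return findings for one interface. max_allowed is an assumed policy value."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Port Status") == "Secure-shutdown":
        findings.append("port is err-disabled after a violation")
    if fields.get("Violation Mode") == "Protect":
        findings.append("protect mode drops frames without counting or logging")
    if int(fields.get("Maximum MAC Addresses", 0)) > max_allowed:
        findings.append("maximum MAC addresses above policy")
    if int(fields.get("Security Violation Count", 0)) > 0:
        src = fields.get("Last Source Address:Vlan", "unknown")
        findings.append(f"violations seen, last source {src}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE)) or ["no findings"]:
        print(finding)
```

With the violation mode set to restrict, as configured above, the violation counter is the value to watch, since the port stays up while offending frames are dropped.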