CISCO PRESENTATION: Enabling Port Security


2950 CISCO SWITCH

The Cisco Catalyst 2950 Series is a family of wire-speed Fast Ethernet desktop switches that delivers the next generation of performance and functionality for the LAN with 10/100/1000BaseT uplinks, enhanced IOS service, quality of service (QoS), multicast management, high availability and security features using a simple, Web-based interface.

Introduction

Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the defined group of addresses. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port.

IMPORTANT NOTE

Port security can only be configured on static access ports.

Secured ports generate address-security violations under these conditions:

  • The address table of a secured port is full, and the address of an incoming packet is not found in the table.
  • An incoming packet has a source address assigned as a secure address on another port.

ADVANTAGES OF PORT SECURITY

  • Dedicated bandwidth: If the size of the address table is set to 1, the attached device is guaranteed the full bandwidth of the port.
  • Added security: Unknown devices cannot connect to the port.

COMMANDS TO VALIDATE PORT SECURITY

  • Interface: Port to secure.
  • Security: Enable port security on the port.
  • Trap: Issue a trap when an address-security violation occurs.
  • Shutdown Port: Disable the port when an address-security violation occurs.
  • Secure Addresses: Number of addresses in the secure address table for this port. Secure ports have at least one address.
  • Max Addresses: Number of addresses that the secure address table for the port can contain.
  • Security Rejects: Number of unauthorized addresses seen on the port.

Security Violation Mode

  • Shutdown: The interface is shut down immediately following a security violation.
  • Restrict: A security violation sends a trap to the network management station.
  • Protect: When the port secure addresses reach the allowed limit on the port, all packets with unknown addresses are dropped.

The default is shutdown.

Defining the Maximum Secure Address Count

A secure port can have from 1 to 132 associated secure addresses. Setting one address in the MAC address table for the port ensures that the attached device has the full bandwidth of the port. If the maximum for a secure port is set between 1 and 132 addresses and some of the secure addresses have not been added by the user, the remaining addresses are dynamically learned and become secure addresses.
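A small Python model of the behaviour described above (the two violation conditions, the three violation modes, and dynamic learning up to the maximum), added here as an illustration and not taken from the presentation or from Cisco. The class names, port names and MAC addresses are constructed, and dropping the violating frame in every mode is an assumption drawn from the introduction.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    max_addrs: int = 1          # page: 1 to 132 secure addresses per port
    mode: str = "shutdown"      # page: shutdown (default), restrict or protect
    static: set = field(default_factory=set)   # addresses added by the user
    dynamic: set = field(default_factory=set)  # addresses learned into free slots
    up: bool = True
    traps: int = 0              # traps sent to the management station

    def secure(self):
        return self.static | self.dynamic

    def link_down(self):
        # Page note: dynamically learned addresses are removed on link down.
        self.dynamic.clear()

class Switch:
    def __init__(self, ports):
        self.ports = ports      # dict: port name -> SecurePort

    def receive(self, name, src):
        """Return 'forward' or 'drop' for a frame with source MAC src on port name."""
        port = self.ports[name]
        if not port.up:
            return "drop"
        if src in port.secure():
            return "forward"
        on_other = any(src in p.secure() for n, p in self.ports.items() if n != name)
        if not on_other and len(port.secure()) < port.max_addrs:
            port.dynamic.add(src)          # free slot: learn it as a secure address
            return "forward"
        # Violation: table full and address unknown, or address secure elsewhere.
        if port.mode == "shutdown":
            port.up = False
        elif port.mode == "restrict":
            port.traps += 1
        return "drop"                      # protect: dropped with no other action

def demo():
    # Constructed ports and MAC addresses (assumption: not from the page).
    sw = Switch({"fa0/1": SecurePort(max_addrs=2, mode="restrict",
                                     static={"00aa.0000.0001"}),
                 "fa0/2": SecurePort()})
    frames = [("fa0/1", "00aa.0000.0001"), ("fa0/1", "00aa.0000.0002"),
              ("fa0/1", "00aa.0000.0003"), ("fa0/2", "00aa.0000.0002"),
              ("fa0/2", "00aa.0000.0009")]
    return [sw.receive(p, m) for p, m in frames], sw
```

In demo(), the third frame overflows a full table in restrict mode, and the fourth carries an address already secure on fa0/1, which shuts fa0/2 down so the fifth frame is dropped as well.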

IMPORTANT NOTE

If the port link goes down, all the dynamically learned addresses are removed.

Enabling Port Security on The Switch

Beginning in privileged EXEC mode on the switch, follow these steps to enable port security. These settings will guarantee accurate and tight security.

TABLE OF COMMANDS

Step 1  configure terminal
        Enter global configuration mode.

Step 2  interface interface-id
        Enter interface configuration mode for the port you want to secure.

Step 3  switchport port-security
        Enable basic port security on the interface.

Step 4  switchport port-security maximum max_addrs
        Set the maximum number of MAC addresses that is allowed on this interface.

Step 5  switchport port-security violation {shutdown | restrict | protect}
        Set the security violation mode for the interface. The default is shutdown. For mode, select one of these keywords:
        • shutdown: The interface is shut down immediately following a security violation.
        • restrict: A security violation sends a trap to the network management station.
        • protect: When the port secure addresses reach the allowed limit on the port, all packets with unknown addresses are dropped.

Step 6  end
        Return to privileged EXEC mode.

Step 7  show port-security [interface interface-id | address]
        Verify the entry.
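An added Python check, not part of the presentation, that reads interface configuration text and flags settings that contradict the steps and notes above: port security on a port that is not a static access port, options from steps 4 and 5 without the enabling command from step 3, a maximum outside 1 to 132, and an unknown violation keyword. The function name and the sample configuration are constructed, and it assumes static access ports appear as "switchport mode access" in the text.

```python
MODES = {"shutdown", "restrict", "protect"}      # step 5 keywords
PREFIX = "switchport port-security"

def audit(config):
    """Return {interface: [findings]} for the port-security lines in config."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            stanzas[current] = []
        elif line.startswith(" ") and current is not None:
            stanzas[current].append(line.strip())
        else:
            current = None                       # "!" or a global command
    findings = {}
    for name, cmds in stanzas.items():
        enabled = PREFIX in cmds                 # step 3: the bare command
        access = "switchport mode access" in cmds
        options = [c[len(PREFIX):].split() for c in cmds if c.startswith(PREFIX + " ")]
        issues = []
        if enabled and not access:
            issues.append("port security on a port that is not a static access port")
        if options and not enabled:
            issues.append("options set but port security not enabled")
        elif access and not enabled:
            issues.append("access port without port security")
        for opt in options:
            if opt[0] == "maximum" and not (len(opt) == 2 and opt[1].isdigit()
                                            and 1 <= int(opt[1]) <= 132):
                issues.append("maximum outside 1-132")
            if opt[0] == "violation" and (len(opt) != 2 or opt[1] not in MODES):
                issues.append("unknown violation mode")
        findings[name] = issues
    return {name: issues for name, issues in findings.items() if issues}

# Constructed sample configuration (assumption: not from the page).
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 200
interface FastEthernet0/3
 switchport mode trunk
 switchport port-security
interface FastEthernet0/4
 switchport mode access
"""
```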

DISABLING PORT SECURITY

Step 1  configure terminal
        Enter global configuration mode.

Step 2  interface interface-id
        Enter interface configuration mode for the port that you want to unsecure.

Step 3  no switchport port-security
        Disable port security.

Step 4  end
        Return to privileged EXEC mode.

Step 5  show port-security [interface interface-id | address]
        Verify the entry.

AVOID CONFIGURATION CONFLICTS

Certain combinations of port features conflict with one another. For example, if you define a port as the network port for a VLAN, all unknown unicast and multicast traffic is flooded to the port. You cannot enable port security on the network port because a secure port limits the traffic allowed on it.

In the table of conflicting features, No means that the two features are incompatible and that both should not be enabled; Yes means that both can be enabled at the same time and will not cause an incompatibility conflict. If you try to enable incompatible features by using CMS, it issues a warning message that you are configuring a setting that is incompatible with another setting, and the switch does not save the change.

TABLE OF CONFLICTING FEATURES

|                       | Port Group | Port Security | SPAN Source Port | SPAN Destination Port | Connect to Cluster | Protected Port | 802.1X Port |
|-----------------------|------------|---------------|------------------|-----------------------|--------------------|----------------|-------------|
| Port Group            | -          | No            | Yes              | No                    | Yes                | Yes            | No          |
| Port Security         | No         | -             | Yes              | No                    | Yes                | No             | No          |
| SPAN Source Port      | Yes        | Yes           | -                | No                    | Yes                | Yes1           | Yes         |
| SPAN Destination Port | No         | No            | No               | -                     | Yes                | Yes            | No          |
| Connect to Cluster    | Yes        | Yes           | Yes              | Yes                   | -                  | Yes            | -           |
| Protected Port        | Yes        | No            | Yes1             | Yes1                  | Yes                | -              | -           |
| 802.1X Port           | No         | No            | Yes              | No                    | -                  | -              | -           |
