Switchport Security

Cisco CCNP Switch (300-115): The Complete Course Introduction to securing a Switch
6 minutes
Share the link to this page
You need to have access to the item to view this lesson.
One-time Fee
List Price:  $139.99
You save:  $40
List Price:  €128.68
You save:  €36.77
List Price:  £109.54
You save:  £31.30
List Price:  CA$190.78
You save:  CA$54.51
List Price:  A$210.13
You save:  A$60.04
List Price:  S$188.67
You save:  S$53.91
List Price:  HK$1,093.43
You save:  HK$312.43
CHF 91.06
List Price:  CHF 127.49
You save:  CHF 36.43
NOK kr1,048.21
List Price:  NOK kr1,467.54
You save:  NOK kr419.32
DKK kr685.84
List Price:  DKK kr960.21
You save:  DKK kr274.36
List Price:  NZ$227.27
You save:  NZ$64.94
List Price:  د.إ514.17
You save:  د.إ146.91
List Price:  ৳16,424.23
You save:  ৳4,692.97
List Price:  ₹11,645.13
You save:  ₹3,327.42
List Price:  RM657.08
You save:  RM187.75
List Price:  ₦207,529.57
You save:  ₦59,298.40
List Price:  ₨38,952.22
You save:  ₨11,130
List Price:  ฿5,128.60
You save:  ฿1,465.42
List Price:  ₺4,505.02
You save:  ₺1,287.24
List Price:  B$724.25
You save:  B$206.94
List Price:  R2,573.66
You save:  R735.38
List Price:  Лв251.69
You save:  Лв71.91
List Price:  ₩190,221.90
You save:  ₩54,352.99
List Price:  ₪514.66
You save:  ₪147.05
List Price:  ₱8,117.95
You save:  ₱2,319.58
List Price:  ¥21,959.69
You save:  ¥6,274.64
List Price:  MX$2,335.27
You save:  MX$667.26
List Price:  QR510.23
You save:  QR145.79
List Price:  P1,900.42
You save:  P543.01
List Price:  KSh18,548.67
You save:  KSh5,300
List Price:  E£6,650.92
You save:  E£1,900.40
List Price:  ብር7,982.28
You save:  ብር2,280.81
List Price:  Kz119,249.08
You save:  Kz34,073.60
List Price:  CLP$126,219.94
You save:  CLP$36,065.41
List Price:  CN¥995.23
You save:  CN¥284.37
List Price:  RD$8,242.58
You save:  RD$2,355.19
List Price:  DA18,832.24
You save:  DA5,381.02
List Price:  FJ$311.92
You save:  FJ$89.12
List Price:  Q1,087.21
You save:  Q310.65
List Price:  GY$29,298.72
You save:  GY$8,371.66
ISK kr13,742.62
List Price:  ISK kr19,240.22
You save:  ISK kr5,497.60
List Price:  DH1,389.84
You save:  DH397.12
List Price:  L2,479.24
You save:  L708.40
List Price:  ден7,928.70
You save:  ден2,265.50
List Price:  MOP$1,125.76
You save:  MOP$321.67
List Price:  N$2,570.81
You save:  N$734.57
List Price:  C$5,151.79
You save:  C$1,472.04
List Price:  रु18,606.57
You save:  रु5,316.54
List Price:  S/523.93
You save:  S/149.70
List Price:  K544.26
You save:  K155.51
List Price:  SAR525.04
You save:  SAR150.02
List Price:  ZK3,747.57
You save:  ZK1,070.81
List Price:  L640.31
You save:  L182.96
List Price:  Kč3,172.88
You save:  Kč906.60
List Price:  Ft49,368.78
You save:  Ft14,106.37
SEK kr1,053.51
List Price:  SEK kr1,474.96
You save:  SEK kr421.44
List Price:  ARS$125,081.06
You save:  ARS$35,740
List Price:  Bs967.13
You save:  Bs276.34
List Price:  COP$541,644.74
You save:  COP$154,766.69
List Price:  ₡71,976.06
You save:  ₡20,566.05
List Price:  L3,458.74
You save:  L988.28
List Price:  ₲1,052,935.89
You save:  ₲300,860.31
List Price:  $U5,389.29
You save:  $U1,539.90
List Price:  zł547.24
You save:  zł156.36
Already have an account? Log In


All right, welcome back. And here we go switch port security. Again, nothing new. You know that in the switches, Cisco switches, the Canon switches, you can go in there. First of all, you have to do it on the porch, you have to go inside the porch whether it be arrange apart or a single port, you need to go ahead and enable switch port, a port hyphen security. But before you can enable that you got to make sure that the ports are not a dynamic auto, but as an X, these are access ports.

That's number one. Okay, there's a little gotcha there. But those of you who are taking my previous courses should know this. All right. Then you can do a switch port security. All right.

And you can do Mac, sticky, MAC address sticky which means Hey on this dynamically, or you can do an actual MAC address and put it in one by one by one by one. I don't think anybody wants to do that. Okay. So, you're gonna do, it's gonna be based on MAC addresses, okay, you can do it manually, which I don't suggest you do, unless you work for a company with only five people. All right, and then, or I guess that's right here, use a sticky command, which which they've used a sticky command, what's going to happen? What that means is, when it alarms, it's going to learn it automatically.

But when you look at the MAC address table, it's going to say, static to statically. There. Alright, so that's the difference. What's the good use thinking? Okay, don't do it manually. That's insane.

Again, unless you work for a company by people, and you should also choose, you know, the violation, how many MAC addresses you're going to use and so forth. Okay. So let's take a look at the configuration. See, I post those poor mode out First, make sure now if you've done VLANs, or within your switch, and then you do the security, while you're already this switch port mode access, right, because you have to assign the VLANs. And to assign the VLANs they have to be access ports. But either way, if you do it again, it doesn't hurt switch for more access, then go switch port port hyphen security that enables for security, and they do switch port port security, Mac, sticky, Mac sticky, okay, and that says where they are, it's automatically going to learn it.

It's going to learn that but it's gonna look like it's a statically assigned MAC address. Then you decide, okay, well, what is the maximum number? Now I'm going to allow to be learned on this particular port. You can be nice and you can put two or you can be a rule or ruthless dictator. They say only one. Okay, that's it.

Because what's going to happen are when you put the rule and they violate that that particular rule You'll have a maximum of two or maximum one, whatever it is, you're going to put on an action a violation. All right? That should be shut down. All right, and we're going to look at there's different violent violations you can use. All right, but I like putting shut down or shut down. Those are put supporting, er are disabled disable or disable, which you manually have to turn that port back on.

I want to take a look at that. Here the violation isn't what I want. Shut down. A means report immediately, or disable. All right, you're gonna, you know, it's gonna beep you know, do anything. You're gonna get a lot of help those calls, hey, I can't get on to this week.

You're gonna get a call more likely. All right, and it's telling you unless you have a third party application that's watching that that's monitoring that. Okay, isn't there Hey, you have a port that's down and warns you about it. They say who was a hoarder? And then you find out and all that good stuff, okay, or you're gonna get it all helped us cause risk straight. This is pretty cool, the port is allowed to stay off the port is off.

But all packets from the violation MAC address are dropped. And it keeps count of those MAC addresses that violated it and assigned to an SNMP trap or a syslog message and alert violation. So either using a trap or SNMP, you can go ahead and keep count of that. All right, which is good. So you don't really need to go and turn on the port. You're going to get alerts that say, hey, these guys are trying to get in.

They're not supposed to this already reached the maximum number of MAC addresses are on there. These MAC addresses don't need to be there. Take a look at what's happening. So I okay gives you a message not bad. Pretty cool. This one though, is pretty much the same as restrict, but it doesn't keep count.

It doesn't keep a record of it. So what the heck. So the port is the law and then You're not keeping track of what's going on. He doesn't keep a track of the violations of it. No. So me louder.

Oh, J DS. I am a ruthless dictator. Okay, I will shut down the port. I don't care. That's my job in it. I will turn it back on.

I will have a third party application that's going to syslog SNMP all this stuff, okay to monitor my network and the load is going to fly up a little fly and tell me Hey, support down. I'm sure I'm going to get calls at the help desk. And then something Hey, man, something's going on with the switch. Okay, so I'm gonna take a look at and say Oh Ha, and I'm going to find out what's going on. So know this table. All right, for poor security.

What it does, this is ridiculous. Protect is protecting what Okay, the first level up, it'll not allow those MAC addresses where you don't know who they are. That doesn't make any sense. Okay, restrict Okay, cool, but no stable and obviously know these commands. All right, for switch port security, that's all it is. That's all it is very simple to do.

And as you're doing your VLANs, when you do a VLAN, VLAN 10, name it, you're already in there, you're in the range report, might as well switch port port security because you did the switch port mode access already. And then just do your search for security while you're there if that is what you're going to do. Alright, well, that's that to the next

Sign Up


Share with friends, get 20% off
Invite your friends to LearnDesk learning marketplace. For each purchase they make, you get 20% off (upto $10) on your next purchase.