CCNA LAB - 4.5 Port Security


LAB 4-5: Port Security

You are the network administrator at Ranet and would like to enable Port-Security on the access ports of Ranet-SW. The goal is to prevent anyone from connecting another switch that would let multiple hosts share the same port at the same time, and to prevent unauthorized hosts from connecting through any port.
Here is what you have to do (configure via the console):

1. Enable Port-Security on all access ports (except Gig1/1 and Gig1/2), allow only 1 MAC address per port, and set the violation action to shut down the port.

2. Port Fa0/1 currently has the authorized host (Host1) connected. Set the allowed MAC address on this port using the “SecureSticky” method.

3. Port Fa0/3 currently has an unauthorized host (Rogue3) connected. Set the allowed MAC address on this port to 0030.F295.15C6.

If everything is correct, ports Fa0/2 and Fa0/3 will change status to down (err-disabled) when unauthorized hosts attempt to connect, and Host1 will not be able to reach the unauthorized hosts (192.168.0.58 – 192.168.0.60).

---------------------- End -----------------------------


Solution:

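Ranet-SW config:
(copy & paste to Ranet-SW)

en
conf t
! Task 1: port security on all access ports, 1 MAC per port, shutdown on violation
int ran fa0/1 - 24
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
! Task 2: sticky-learn the MAC address of Host1 on Fa0/1
int fa0/1
switchport port-security mac-address sticky
! Task 3: statically allow 0030.F295.15C6 on Fa0/3
int fa0/3
switchport port-security mac-address 0030.F295.15C6
! Return to privileged EXEC so the configuration can be saved
end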
Ranet-SW#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Ranet-SW#

Host1 :
Command Prompt
Packet Tracer PC Command Line 1.0
PC>ping 192.168.0.60

Pinging 192.168.0.60 with 32 bytes of data:
Reply from 192.168.0.60: bytes=32 time=44ms TTL=128
Reply from 192.168.0.60: bytes=32 time=4ms TTL=128
Reply from 192.168.0.60: bytes=32 time=5ms TTL=128
Reply from 192.168.0.60: bytes=32 time=4ms TTL=128

Ping statistics for 192.168.0.60:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 44ms, Average = 14ms

PC>ping 192.168.0.59

Pinging 192.168.0.59 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.59:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 192.168.0.58

Pinging 192.168.0.58 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.0.58:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>

Ranet-SW

Ranet-SW#sh port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports
        -----------       ----                -----
        0030.F214.8793    SecureSticky        FastEthernet0/1    -
        0030.F295.15C6    SecureConfigured    FastEthernet0/3    -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024

Ranet-SW#sh int fa0/2

FastEthernet0/2 is down, line protocol is down (err-disabled)

Ranet-SW#sh int fa0/3

FastEthernet0/3 is down, line protocol is down (err-disabled)
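
The Python script below is an added example, not part of the original lab. It audits running-config text against the policy from task 1 (port-security enabled, maximum 1, violation shutdown), treating absent lines as the IOS defaults because the running-config does not list default values. The sample config, the function names and the exempt list are constructed for illustration.

```python
import re

# Constructed sample, not device output: Fa0/4 and Fa0/5 break the lab policy.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0030.F214.8793
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0030.F295.15C6
interface FastEthernet0/4
 switchport mode access
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
interface GigabitEthernet1/1
 switchport mode access
"""

POLICY = {"maximum": "1", "violation": "shutdown"}  # also the IOS defaults
OPTION_RE = re.compile(r"switchport port-security (maximum|violation) (\w+)")

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from running-config text."""
    pattern = r"^interface (\S+)[ \t]*\n((?: .*\n?)*)"
    return {m[1]: [c.strip() for c in m[2].splitlines()]
            for m in re.finditer(pattern, config, re.M)}

def audit_port_security(config, exempt=()):
    """Return {interface: [issues]} for access ports that miss the lab policy."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if name in exempt or "switchport mode access" not in cmds:
            continue
        opts = dict(POLICY)  # no explicit line means the default applies
        for cmd in cmds:
            if m := OPTION_RE.fullmatch(cmd):
                opts[m[1]] = m[2]
        issues = [f"{k} is {v}" for k, v in opts.items() if v != POLICY[k]]
        if "switchport port-security" not in cmds:
            issues.insert(0, "port-security not enabled")
        if issues:
            findings[name] = issues
    return findings
```

Calling `audit_port_security(SAMPLE_CONFIG, exempt=("GigabitEthernet1/1", "GigabitEthernet1/2"))` reports only Fa0/4 and Fa0/5; without the exempt list the uplink port is reported as well.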



----------------------- The End ---------------------

