9 - Port security Configuration & verification Flashcards

1
Q

Is port security configured under the interface or globally?

A

Under the interface, or range of interfaces, that we want to secure.

2
Q

Which interface mode does not support port security?

A

Dynamic

  • this is the default on switches
  • this mode first listens to find out whether the other side wants to be a trunk; if not, it becomes an access port
  • port security DOES NOT support dynamic mode interfaces
3
Q

Which interface modes support port security?

A

2 types: Trunk & Access
- These modes have to be set manually, not changed to dynamically.

Trunk

  • This port type can be set dynamically or manually
  • port security only supports this mode if it is set manually (static trunk)
  • This port type allows many VLANs
  • if port security is set on a trunk, it should be noted how many VLANs are allowed

Access

  • port security only supports this mode if it is set manually (static access)
  • this port works on the single VLAN that it is assigned to
  • this should be the type of port we want to set port security on
4
Q

The interface mode must be configured first.

How is this done ?

A
  • int fa0/1
  • switchport mode access

5
Q

Configuring the violation mode.

How is this done ?

A
  • int fa0/1
  • switchport port-security violation __ (shutdown, protect or restrict)

6
Q

Setting how many devices are allowed on a port.

How is this done ?

A
  • int fa0/1
  • switchport port-security maximum __ (1, 2, 3, etc.)
  • if set to 1 it will not show in the running config, as 1 is the default
7
Q

Manually/statically assigning a MAC address to an interface.

How is this done ?

A
  • int fa0/1
  • switchport port-security mac-address ff:ff:ff:ff:ff:ff

8
Q

Learning MAC addresses automatically and adding them to port security.
How is this done ?

A
  • int fa0/1
  • switchport port-security mac-address sticky
  • switchport port-security maximum __ (to set how many device MAC addresses to learn automatically)
  • learnt addresses are currently stored in RAM (running config); need to wr mem to save the learnt MAC addresses to the startup config
9
Q

To configure port security on a range of interfaces.

How is this done ?

A
  • interface range 0-48
  • switchport port-security ____

10
Q

To enable port security.

How is this done ?

A
  • int fa0/1
  • switchport port-security
    Enabling should be done at the end, to prevent mistakes and violations taking place
11
Q

To re-enable the interface, what do we have to do?
Remember: the “shutdown” violation mode is the only one that will take the interface down.

A

To re-enable the interface we have to shut the interface down and then bring it up again.

  • int fa0/1
  • shutdown
  • no shutdown

Once re-enabled, the memory of all previous violations will be removed from the database.

12
Q

How many main commands are there to verify port security?

A

3 main ways to verify port security

  • show port-security
  • show port-security address
  • show port-security interface fa0/1
13
Q

Verify basic info of port security.

What command?

A
  • show port-security

shows the interfaces with port security and basic info

14
Q
Verify deeper (middle) info of port security.
What command?
A
  • show port-security address

shows VLAN details
shows MAC address
shows how it was learnt - statically or sticky
shows port number

15
Q

Verify very deep (best) info of port security.

A
  • show port-security interface fa0/1

shows if port-security is enabled
shows if the interface has violated port-security
shows how many times security was violated and how

16
Q

What not to use:

- show ip int brief

A

This will only show that the interface is down. It will not tell you whether it is administratively down or down through a violation.

17
Q

We can configure the switch to automatically re-enable any error-disabled interfaces after a specified timeout period.

This gives the offending issue a chance to be cleared by the user

(for example, by removing an unapproved device) without the need for administrative intervention.

A

The configuration to do the above is:
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 300

Verification:
Switch# show errdisable recovery