9 - Port security Configuration & verification Flashcards
Configure under the interface or globally?
Under the interface or range of interfaces we want
The interface mode that does not support port security is?
Dynamic
- this is the default on switches
- this mode first listens to find out if the other side wants to be a trunk; if not, it will become access
- port security DOES NOT support dynamic mode interfaces
The interface mode that will support port security is ?
2 types =
Trunk & Access
- These modes have to be set manually,
not dynamically changed to these modes.
Trunk
- This port can be set dynamically or manually
- port security only supports this mode if it is set manually (static trunk)
- This port type allows many VLANs
- if port security is set on a trunk, make a note to list how many VLANs are allowed
Access
- port security only supports this mode if it is set manually (static access)
- this port works on the single VLAN that it is assigned to
- this should be the type of port we want to set port security on
Must configure interface mode first.
How is this done ?
- int fa0/1
- switchport mode access
Configuring the violation.
How is this done ?
- int fa0/1
- switchport port-security violation __ (shutdown, protect or restrict)
Setting how many devices allowed on a port.
How is this done ?
- int fa0/1
- switchport port-security maximum __ (1, 2, 3, etc.)
- if set to 1 it will not show in the running config, as 1 is the default
Manually/statically assigning a MAC address to an interface.
How is this done ?
- int fa0/1
- switchport port-security mac-address ffff.ffff.ffff
Learning MAC addresses automatically and adding them to port security.
How is this done ?
- int fa0/1
- switchport port-security mac-address sticky
- switchport port-security maximum __ (to set how many device MACs to learn automatically)
- learnt addresses are currently stored in RAM (running config); need to wr mem to save the learnt MAC addresses to the startup config
To configure port security on a range of interfaces.
How is this done ?
- interface range 0-48
- switchport port-security ____
To enable port security.
How is this done ?
- int fa0/1
- switchport port-security
Enabling should be done at the end, to prevent mistakes and violations taking place
To re-enable the interface we have to ?
Remember -
“Shutdown” violation is the only one that will take the interface down.
To re-enable the interface we have to shut the interface down then bring it up again.
- int fa0/1
- shutdown
- no shutdown
Once re-enabled, the memory of all previous violations will be removed from the database
How many main commands to verify port security ?
3 main ways to verify port security
- show port-security
- show port-security address
- show port-security interface fa0/1
Verify basic info of port security ?
what command ?
- show port-security
shows interfaces with port security & basic info
Verify deeper (middle) info of port security ? what command ?
- show port-security address
shows VLAN details
shows MAC address
shows how it was learnt - statically or sticky
shows port number
Verify very deep (best) info of port security ?
- show port-security interface fa0/1
shows if port-security is enabled
shows if the interface has violated port-security
shows how many times security was violated and how