Configuring switch port security in packet tracer

Cisco has implemented security measures to safeguard its devices from unauthorized access. To secure the physical ports on a Cisco switch, we have to enable Port Security.

There are a few options available when configuring Port Security. One such option is to limit the number of MAC addresses that can connect through the port. This feature does not provide complete security; however, it makes it extremely difficult for an attacker to break into the network. The only way an attacker can beat this security parameter is by finding out the attached MAC address and giving the same MAC address to the device they want to connect to that switch port.

Employees often connect personal devices to the switch port available in their cubicle, just for fun or for experimental purposes. If port security is not implemented, such a device can jeopardize the whole network, and hackers can also use this vulnerability to hack into the network.

In this lab, we will allow only one MAC address to access the interface FastEthernet 0/2. If some other device is attached to the interface, the port will go to the shutdown state. When the port is shut down, the light for that switch port turns amber, so the admin can find the issue just by looking at the physical indicator on the switch.

To enable Port Security on a Cisco switch, we have to change the ‘Switchport’ mode from dynamic to access. By default, the switchport mode is set to dynamic. Once the switchport mode is changed, we can enable port security on that port.

There are a couple of ways to restrict devices with arbitrary MAC addresses from connecting to the switch port.

One way is to hardcode the MAC address on the switch interface with the command “switchport port-security mac-address [mac-address number]”.

The other command we can use is “switchport port-security mac-address sticky”. This command sticks the already attached MAC address to the interface, and other MAC addresses will be rejected: if a device with another MAC address tries to connect, the interface will simply reject the connection. We can also configure how the interface should react when a security violation takes place.

  • Set the maximum number of allowed MAC addresses on port FastEthernet 0/2 to 1
  • Port 0/2 should go to the shutdown state if a device with another MAC address tries to connect

Lab Configuration

Switch(config)#interface fastethernet 0/2

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security

Switch(config-if)#switchport port-security maximum 1

Switch(config-if)#switchport port-security violation shutdown
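The lab depends on two prerequisites that are easy to miss: the port must be in access mode, and the bare `switchport port-security` command must be present, because the `maximum`, `mac-address` and `violation` sub-commands alone do not turn the feature on. The following audit script is an added example, not part of the original lab; the sample configuration and the function names are constructed for illustration.

```python
import re

# Constructed sample (not from the page), written as the commands would be typed.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security mac-address 1111.1111.1111
 switchport port-security violation shutdown
!
interface FastEthernet0/4
 switchport port-security
 switchport port-security mac-address sticky
!
"""

PS = "switchport port-security"


def split_interfaces(config):
    """Map each interface name to the list of sub-commands under it."""
    stanzas, current = {}, None
    for line in config.splitlines():
        header = re.match(r"interface\s+(.+?)\s*$", line)
        if header:
            current = header.group(1)
            stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(" ".join(line.split()))
        else:
            current = None  # "!" or any unindented line ends the stanza
    return stanzas


def audit_interface(cmds):
    """Return effective settings and findings for one interface stanza."""
    options = [c[len(PS):].split() for c in cmds if c.startswith(PS + " ")]
    # IOS defaults when the sub-command is absent: maximum 1, violation shutdown.
    maximum = next((int(o[1]) for o in options if o[0] == "maximum"), 1)
    violation = next((o[1] for o in options if o[0] == "violation"), "shutdown")
    findings = []
    if "switchport mode access" not in cmds:
        findings.append("port is not forced to access mode")
    if PS not in cmds:
        findings.append("options set but port-security never enabled"
                        if options else "port-security not configured")
    return {"maximum": maximum, "violation": violation, "findings": findings}


def audit(config):
    """Audit every interface stanza found in the configuration text."""
    return {name: audit_interface(cmds)
            for name, cmds in split_interfaces(config).items()}


if __name__ == "__main__":
    for name, result in audit(SAMPLE_CONFIG).items():
        print(name, result)
```

An empty findings list means the stanza matches the lab's pattern; any finding means the limits on that port are not actually being enforced.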

Switch Port Security Configuration on Cisco Packet Tracer

In this article, we will focus on Cisco Port Security configuration in detail. For this configuration, we will use the below topology and work through the Port Security configuration cases on it.


Port 1 (FastEthernet 0/1)

  • max MAC 2
  • 1 static MAC (PC1)
  • 1 dynamic MAC (PC2)
  • 1 violation (PC3)
  • violation type shutdown

Switch(config)# interface fastEthernet 0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address 00E0.B085.4951
Switch(config-if)# switchport port-security mac-address 0003.e445.1485
Switch(config-if)# switchport port-security violation shutdown

Port 2 (FastEthernet 0/2)

  • max MAC 2
  • 2 dynamic MAC (PC6,PC7)
  • 1 violation (PC8)
  • violation type restrict

Switch(config)# interface fastEthernet 0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 2
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation restrict

Port 3 (FastEthernet 0/3)

  • max MAC 1
  • 1 static MAC (PC4)
  • 2 violation (PC4,PC5)
  • violation type shutdown

Switch(config)# interface fastEthernet 0/3
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address 1111.1111.1111
Switch(config-if)# switchport port-security violation shutdown

Port 4 (FastEthernet 0/4)

  • max MAC 1
  • 1 dynamic MAC (PC10)
  • 1 violation (PC9)
  • violation type protect

Switch(config)# interface fastEthernet 0/4
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation protect

After this Port Security configuration, connect the PCs one by one. You will see that the Port Security configuration on the switch blocks the unwanted devices and limits the maximum number of MAC addresses as configured.

You can also check the output of the Port Security verification commands below.

Switch# show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              2            2                  1         Shutdown
      Fa0/2              2            2                  1         Restrict
      Fa0/3              1            1                  1         Shutdown
      Fa0/4              1            1                  1          Protect
---------------------------------------------------------------------------

Switch# show port-security address
               Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports              Remaining Age
                                                                    (mins)
----    -----------       ----                -----              -------------
   1    0003.E445.1485    SecureConfigured    FastEthernet0/1         -
   1    00E0.B085.4951    SecureConfigured    FastEthernet0/1         -
   1    0090.21B9.4D6D    SecureSticky        FastEthernet0/2         -
   1    0009.7C63.A238    SecureSticky        FastEthernet0/2         -
   1    1111.1111.1111    SecureConfigured    FastEthernet0/3         -
   1    0009.7C63.A238    SecureSticky        FastEthernet0/4         -
-------------------------------------------------------------------------------
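The summary table is the quickest place to spot which ports have tripped, so it is worth parsing rather than reading by eye when there are many switches. The script below is an added example, not part of the original article: it parses text in the layout of the `show port-security` summary and lists ports with violations, Shutdown ports first. The Fa0/5 row and the function names are constructed for illustration.

```python
import re

# Sample text in the layout of the `show port-security` summary above.
# The Fa0/5 row is constructed for this example to show a clean port.
SAMPLE_OUTPUT = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/1              2            2                  1         Shutdown
      Fa0/2              2            2                  1         Restrict
      Fa0/3              1            1                  1         Shutdown
      Fa0/4              1            1                  1          Protect
      Fa0/5              1            0                  0         Shutdown
---------------------------------------------------------------------------
"""

# One data row: port name, three counters, then the configured violation action.
ROW = re.compile(
    r"^\s*(?P<port>[A-Za-z]+\d+(?:/\d+)+)\s+(?P<max>\d+)\s+(?P<cur>\d+)"
    r"\s+(?P<viol>\d+)\s+(?P<action>Shutdown|Restrict|Protect)\s*$"
)


def parse_summary(text):
    """Turn the summary table into a list of per-port dictionaries."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # header, unit and separator lines simply do not match
            rows.append({
                "port": m["port"],
                "max": int(m["max"]),
                "current": int(m["cur"]),
                "violations": int(m["viol"]),
                "action": m["action"],
            })
    return rows


def triage(rows):
    """Ports with violations, Shutdown ones first since those links are down."""
    hits = [r for r in rows if r["violations"] > 0]
    hits.sort(key=lambda r: (r["action"] != "Shutdown", r["port"]))
    return [(r["port"], r["action"], r["violations"]) for r in hits]


def full_ports(rows):
    """Ports whose secure-address table is at its limit: a new MAC will violate."""
    return [r["port"] for r in rows if r["current"] >= r["max"]]


if __name__ == "__main__":
    parsed = parse_summary(SAMPLE_OUTPUT)
    for port, action, count in triage(parsed):
        print(f"{port}: {count} violation(s), action {action}")
    print("At limit:", ", ".join(full_ports(parsed)))
```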
