
6:21
Configure Port Security on Cisco Switch
Tech Solutions
Overview
This video explains how to configure port security on Cisco switches to enhance network security. It details the process of enabling port security, specifying allowed MAC addresses, and understanding the consequences of unauthorized device connections. The tutorial covers different violation modes (shutdown, protect, restrict) and how to recover a port after a security event, emphasizing the importance of this feature for preventing unauthorized access.
Chapters
- Port security is a feature on Cisco switches designed to limit unauthorized access to network ports.
- By default, port security is disabled on switch ports.
- The primary function is to bind specific MAC addresses to a port, preventing other devices from connecting.
Understanding port security is crucial for network administrators to control which devices can connect to the network, thereby preventing unauthorized access and potential security breaches.
The video demonstrates configuring port security on interface FastEthernet0/1 of a Cisco switch.
- The port must first be configured as an access port using the 'switchport mode access' command.
- Port security is enabled on the interface using the 'switchport port-security' command.
- A specific MAC address is then associated with the port using 'switchport port-security mac-address <MAC_ADDRESS>'.
Proper configuration ensures that only authorized devices, identified by their MAC addresses, can establish a connection through a specific switch port.
The MAC address of a PC is obtained from its configuration tab and then manually entered into the switch's port security configuration.
- The default violation mode is 'shutdown', which disables the port when an unauthorized MAC address is detected.
- The 'protect' mode discards traffic from unauthorized devices but keeps the port operational and does not generate logs.
- The 'restrict' mode discards traffic, keeps the port operational, and generates log messages about the violation.
Choosing the correct violation mode allows administrators to balance security enforcement with network availability and monitoring needs.
The video explains that if a second, unauthorized PC is connected to a port configured with port security, the port will shut down in the default 'shutdown' violation mode.
- When a port is in the 'shutdown' state due to a violation, it must be manually re-enabled by an administrator.
- The recovery process involves issuing a 'shutdown' command followed by a 'no shutdown' command on the affected interface.
- After recovery, the violation count is reset, and the port can resume normal operation with the authorized device.
Understanding the recovery procedure is essential for quickly restoring network connectivity after a port security event without compromising security.
After an unauthorized device caused a shutdown, the administrator manually shuts down and then re-enables the port (Fa0/1) to restore connectivity for the authorized device.
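As an added example (not the video's own commands), the procedure above written out with the full IOS keywords, assuming interface FastEthernet0/1, the default hostname Switch, and a constructed PC MAC address 0001.9611.ABCD; the automatic errdisable recovery lines at the end go beyond what the video shows.

```cisco
! Added example, not from the video. Interface, hostname and MAC are assumed.
! 1. Secure the access port and bind the authorized PC's MAC address.
Switch# configure terminal
Switch(config)# interface FastEthernet0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address 0001.9611.ABCD
! Violation mode: shutdown (default) err-disables the port; restrict drops
! unauthorized frames, keeps the port up and logs; protect drops silently.
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# end
! 2. Verify: "Port Status" reads Secure-up, or Secure-shutdown after a violation.
Switch# show port-security interface FastEthernet0/1
Switch# show port-security
! 3. Manual recovery after a violation (the method shown in the video).
Switch# configure terminal
Switch(config)# interface FastEthernet0/1
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
Switch(config-if)# exit
! 4. Optional (beyond the video): let the switch re-enable the port itself
!    after 300 seconds instead of requiring an administrator.
Switch(config)# errdisable recovery cause psecure-violation
Switch(config)# errdisable recovery interval 300
Switch(config)# end
```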
Key takeaways
- Port security is a fundamental Cisco switch feature for controlling device access at the port level.
- You must explicitly enable port security and define allowed MAC addresses for each port you wish to secure.
- The 'shutdown' violation mode is the most restrictive, disabling the port upon detecting an unauthorized device.
- The 'protect' and 'restrict' modes offer less disruptive alternatives, allowing traffic to be dropped while keeping the port active.
- Recovering a shut-down port requires manual administrative intervention via the console or SSH.
- Port security helps mitigate risks associated with MAC spoofing and unauthorized device connections.
Key terms
- Port Security
- Cisco Switch
- MAC Address
- Access Port
- Violation Mode
- Shutdown Mode
- Protect Mode
- Restrict Mode
- Violation Count
Test your understanding
- What is the primary purpose of configuring port security on a Cisco switch?
- How do you associate a specific MAC address with a port when configuring port security?
- What happens to a port when a violation occurs in 'shutdown' mode, and how can it be restored?
- What are the key differences between the 'protect' and 'restrict' port security violation modes?
- Why is it important to configure a port as an access port before enabling port security?