![]() Shutdown which discards the traffic sends a SNMP message and disables the port. Restrict which discards the traffic and sends a SNMP message but keeps the port up Protect which discards the traffic but keeps the port up and does not send a SNMP message. The command to configure this is as follows "switch port-security violation " The default is to shut down the interface or interfaces. The command to configure this is as follows, "switchport port-security maximum N" (where N can be from 1 to 6272) Keep in mind the range the number of maximum MAC address depends on the hardware and Cisco IOS you use.Ĥ) This step is also optional, but you can define the action to take when a violation occurs on that interface or interfaces. If this setting is not applied the default of one MAC address is used. This can also be applied in a range of the interfaces on a switch or individual interfaces.ģ) This step is optional, but you can specify how many MAC addresses the switch can have on one interface at a time. By restricting the port to accept only the MAC address of the authorized device, you prevent unauthorized access if somebody plugged another device into the port.īy default, the switchport security feature is disabled on all switchports and must be enabled.ġ) Your switch interface must be L2 as "port security" is configure on an access interface.You can make your 元 switch port to an access interface by using the "switchport" command.Ģ) Then you need to enable port security by using the "switchport port-security" command. This could include a meeting room or reception area available for public usage. A common example of using basic port security is applying it to a port that is in an area of the physical premises that is publicly accessible. ![]() ![]() ![]() Port security is easy to configured and it allows you to secure access to a port based upon a MAC address basis.Port security can also configured locally and has no mechanism for controlling port security in a centralized fashion for distributed switches.Port security is normally configured on ports that connect servers or fixed devices, because the likelihood of the MAC address changing on that port is low. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |