Scribd Logo
Importer

Bienvenue sur Scribd !

  • 2.2.4.9 Packet Tracer - Configuring Switch Port Security Instructions - IG

    Transféré par

    JefferOrtizGonzalez
    3K vues7 pages
    PACKET TRACER 2.2.4.9

    Copyright

    © © All Rights Reserved

    Formats disponibles

    DOCX, PDF, TXT ou lisez en ligne sur Scribd

    Avez-vous trouvé ce document utile ?

    Ce contenu est-il inapproprié ?

    Signaler ce document
    PACKET TRACER 2.2.4.9

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    3K vues7 pages

    2.2.4.9 Packet Tracer - Configuring Switch Port Security Instructions - IG

    Transféré par

    JefferOrtizGonzalez
    PACKET TRACER 2.2.4.9

    Droits d'auteur :

    © All Rights Reserved
    Téléchargez comme DOCX, PDF, TXT ou lisez en ligne sur Scribd
    Signaler comme contenu inapproprié
    sur 7

    Laboratorio 2.2.4.

    9 Packet Tracer - Configuring Switch Port


    Security
    Topology

    Addressing Table
    Device

    Interface

    IP Address

    Subnet Mask

    S1

    VLAN 1

    10.10.10.2

    255.255.255.0

    PC1

    NIC

    10.10.10.10

    255.255.255.0

    PC2

    NIC

    10.10.10.11

    255.255.255.0

    Rogue Laptop

    NIC

    10.10.10.12

    255.255.255.0

    Objective
    Part 1: Configure Port Security
    Part 2: Verify Port Security

    Background
    In this activity, you will configure and verify port security on a switch. Port security allows you to restrict a
    ports ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

    Part 1: Configure Port Security


    a. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2.
    S1(config)# interface range fa0/1 - 2
    S1(config-if-range)# switchport port-security

    b. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.
    S1(config-if-range)# switchport port-security maximum 1

    c.

    Secure the ports so that the MAC address of a device is dynamically learned and added to the running
    configuration.

    S1(config-if-range)# switchport port-security mac-address sticky


    d. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but
    packets are dropped from an unknown source.
    S1(config-if-range)# switchport port-security violation restrict
    e. Disable all the remaining unused ports. Hint: Use the range keyword to apply this configuration to all the
    ports simultaneously.
    S1(config-if-range)# interface range fa0/3 - 24 , gi1/1 - 2
    S1(config-if-range)# shutdown

    Part 2: Verify Port Security


    a. From PC1, ping PC2.
    b. Verify port security is enabled and the MAC addresses of PC1 and PC2 were added to the running
    configuration.
    c.

    Attach Rogue Laptop to any unused switch port and notice that the link lights are red.

    d. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the
    port connected to Rogue Laptop.
    e. Disconnect PC2 and connect Rogue Laptop to PC2s port. Verify that Rogue Laptop is unable to ping
    PC1.
    f.

    Display the port security violations for the port Rogue Laptop is connected to.
    S1# show port-security interface fa0/2

    g. Disconnect Rouge Laptop and reconnect PC2. Verify PC2 can ping PC1.
    h. Why is PC2 able to ping PC1, but the Rouge Laptop is not? The port security that was enabled on the
    port only allowed the device, whose MAC was learned first, access to the port while preventing all other
    devices access.

    Current configuration : 1675 bytes


    !
    version 12.2
    no service timestamps log datetime msec
    no service timestamps debug datetime msec
    no service password-encryption
    !
    hostname S1
    !
    !
    !
    !
    !
    spanning-tree mode pvst
    !
    interface FastEthernet0/1
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    switchport port-security violation restrict
    switchport port-security mac-address sticky 00E0.B027.2245

    !
    interface FastEthernet0/2
    switchport mode access
    switchport port-security
    switchport port-security mac-address sticky
    switchport port-security violation restrict
    switchport port-security mac-address sticky 0001.647C.697E
    !
    interface FastEthernet0/3
    shutdown
    !
    interface FastEthernet0/4
    shutdown
    !
    interface FastEthernet0/5
    shutdown
    !
    interface FastEthernet0/6
    shutdown
    !
    interface FastEthernet0/7
    shutdown
    !
    interface FastEthernet0/8
    shutdown
    !
    interface FastEthernet0/9
    shutdown
    !
    interface FastEthernet0/10
    shutdown
    !
    interface FastEthernet0/11
    shutdown
    !
    interface FastEthernet0/12
    shutdown
    !
    interface FastEthernet0/13
    shutdown
    !
    interface FastEthernet0/14
    shutdown
    !
    interface FastEthernet0/15
    shutdown
    !
    interface FastEthernet0/16
    shutdown
    !
    interface FastEthernet0/17
    shutdown
    !
    interface FastEthernet0/18
    shutdown
    !
    interface FastEthernet0/19
    shutdown
    !
    interface FastEthernet0/20
    shutdown
    !
    interface FastEthernet0/21

    shutdown
    !
    interface FastEthernet0/22
    shutdown
    !
    interface FastEthernet0/23
    shutdown
    !
    interface FastEthernet0/24
    shutdown
    !
    interface GigabitEthernet0/1
    !
    interface GigabitEthernet0/2
    !
    interface Vlan1
    ip address 10.10.10.2 255.255.255.0
    !
    !
    !
    !
    line con 0
    !
    line vty 0 4
    login
    line vty 5 15
    login
    !
    !
    end
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#
    S1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    S1(config)#int f0/3
    S1(config-if)#no shut
    S1(config-if)#
    %LINK-5-CHANGED: Interface FastEthernet0/3, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
    %LINK-5-CHANGED: Interface FastEthernet0/3, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down

    %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down


    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
    %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
    S1(config-if)#exit
    S1(config)#exit
    S1#
    %SYS-5-CONFIG_I: Configured from console by console
    S1#show port-security int f0/2
    Port Security : Enabled
    Port Status : Secure-up
    Violation Mode : Restrict
    Aging Time : 0 mins
    Aging Type : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses : 1
    Total MAC Addresses : 1
    Configured MAC Addresses : 0
    Sticky MAC Addresses : 1
    Last Source Address:Vlan : 0002.4A42.C51C:1
    Security Violation Count : 4
    S1#
    %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
    %LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
    S1#int f0/3
    ^
    % Invalid input detected at '^' marker.
    S1#conf t
    Enter configuration commands, one per line. End with CNTL/Z.
    S1(config)#int f0/3
    S1(config-if)#shut
    %LINK-5-CHANGED: Interface FastEthernet0/3, changed state to administratively down
    S1(config-if)#int range g0/1 - 2
    S1(config-if-range)#shut
    %LINK-5-CHANGED: Interface GigabitEthernet0/1, changed state to administratively down
    %LINK-5-CHANGED: Interface GigabitEthernet0/2, changed state to administratively down
    S1(config-if-range)#

    Vous aimerez peut-être aussi