Basic Port Security 2

By certskills October 22, 2015 12:10

Quick, can you name all the small options available with Cisco’s port security feature on Catalyst IOS images? Most of us can’t, unless we’re in the middle of studying for CCENT, CCNA, or CCNP R&S SWITCH. But this blog is meant to help you prepare for a couple of those, so here’s another chance to review and recall those options with another basic port security lab.

 

Requirements

You need to configure port security on some access ports on a Catalyst switch. You do know that only one device should connect to each switch port. However, you do not know the MAC address of each device.

Your job in this lab: enable port security on the requested ports, allowing one and only one device to send traffic through the port. Also cause the switch to learn the first MAC that sends traffic, and remember that MAC address for the long term.

The specific rules for this lab are:

  • Enable port security on all displayed access interfaces in the figure
  • Configure port security so that all valid learned MAC addresses will be automatically converted to secure MAC addresses
  • Allow only one MAC address to send frames into the port
  • Use default settings where possible, and do not configure any settings that are not required
  • As an added bonus, consider how to configure the interface subcommands two different ways: per interface, or one time for all interfaces

 

Figure 1: Single Switch

 

Initial Configuration

While you might be able to configure port security based on the information supplied so far, the initial configurations of the switch might be helpful, as shown in Figure 1.

Example 1: SW1 Config

 

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear, or other tools, configure it there. If you do attempt this lab on a real OS, you can test by setting your test hosts to use the same MAC addresses shown in the figure, seeing them work, and then setting the MAC addresses to different values, and hopefully seeing port security filtering the traffic.
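
The test described above, modeled as an added example (not code from the original post): a small Python simulation of one port with sticky learning, the IOS default maximum of one secure MAC, and the IOS default violation mode (shutdown). The class and function names and the MAC 02:00:00:00:99:99 are constructed for illustration; PC1's MAC is the one listed in this page's host table.

```python
# Added illustration: a minimal model of one switch port running port security
# with sticky learning, maximum 1 and the IOS default violation mode (shutdown).
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    maximum: int = 1              # IOS default: one secure MAC per port
    violation: str = "shutdown"   # IOS default violation mode
    sticky: list = field(default_factory=list)  # sticky secure MACs
    err_disabled: bool = False
    violations: int = 0

    def receive(self, src_mac: str) -> str:
        """Return what the port does with a frame from src_mac."""
        mac = src_mac.lower()
        if self.err_disabled:
            return "dropped (err-disabled)"
        if mac in self.sticky:
            return "forwarded"
        if len(self.sticky) < self.maximum:
            self.sticky.append(mac)   # first MAC seen becomes the secure MAC
            return "learned+forwarded"
        if self.violation != "protect":   # protect drops without counting
            self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled = True
            return "violation: port err-disabled"
        return "violation: dropped"       # protect / restrict keep the port up

    def bounce(self) -> None:
        """Model shutdown / no shutdown: clears err-disable, keeps sticky MACs."""
        self.err_disabled = False

def run_lab_test():
    port = SecurePort("F0/1")
    pc1 = "02:00:00:00:11:11"     # PC1's MAC from the host table
    other = "02:00:00:00:99:99"   # constructed MAC for the "changed MAC" step
    results = [port.receive(m) for m in (pc1, pc1, other, pc1)]
    port.bounce()
    results.append(port.receive(pc1))
    return port, results

if __name__ == "__main__":
    port, results = run_lab_test()
    print(*results, sep="\n")
    print("sticky:", port.sticky, "violations:", port.violations)
```

With the default shutdown mode, the single frame from the unexpected MAC also cuts off the legitimate host until the interface is recovered, which is worth expecting when you run the MAC-change test on real gear.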

 

Do this Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that, when used with VIRL, will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file!

 

Network Device Info:

This table lists the interfaces listed in the lab exercise documentation versus those used in the sample .VIRL file.

 

Device    Lab Port    VIRL Port
SW1       F0/1        G0/1
SW1       F0/2        G0/2
SW1       F0/3        G0/3
SW1       F0/4        G1/0

 

Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

 

Device    IP Address       MAC Address          User/password
PC1       172.16.1.1/24    02:00:00:00:11:11    cisco/cisco
PC2       172.16.1.2/24    02:00:00:00:22:22    cisco/cisco
PC3       172.16.1.3/24    02:00:00:00:33:33    cisco/cisco
PC4       172.16.1.4/24    02:00:00:00:44:44    cisco/cisco

 

 

Handy Host Commands:

To see PC IP address: ifconfig eth1

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node within the topology: telnet 10.1.1.1
