Basic Port Security 3

By certskills December 3, 2015 13:05

Sometimes, #CCNA studiers get bogged down with port security, focusing on all those little optional configuration settings. But what of the main feature: securing the port? This latest lab revisits the big ideas of what a switch does using port security when frame violate the rules.


For this lab, configure port security, with very little in terms of requirements. However, do not stop processing the good traffic that enters those ports. In particular, use these rules:

  • Enable port security on all displayed access interfaces in the figure
  • Drop all violating traffic
  • Do not drop non-violating traffic
  • Do not attempt to send SNMP traps for violating traffic
  • Use default settings where possible and do not configure any settings that are not required
  • As an added bonus, consider how to configure any interface subcommands two different ways: any interface commands per-interface, or one time for all interfaces


Figure 1: Single Switch

 Initial Configuration

While you might be able to configure port security based on the information supplied so far, the initial configurations of the switch might be helpful, as shown in Figure 1.

Example 1: SW1 Config

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear or other tools, configure the lab using them. If you do attempt this lab on a real OS, you will need to connect more to the network than is shown here. Basically, the switch ports shown in Figure 1 need to receive traffic from at least two hosts – the first (non-violating) host, and the second (violating) host. You can use a second switch to do that if available.


Do this Lab with Cisco’s CML (Formerly VIRL)

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.

Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.

This lab’s CML file!

This lab’s VIRL file!

Network Device Info:

This table lists the interfaces changed in this lab to work well in CML/VIRL.

Device Lab Port CML/VIRL Port
SW1 F0/1 G0/1
SW1 F0/2 G0/2


Host device info:

This table lists host information pre-configured in CML/VIRL, information that might not be required by the lab but may be useful to you.

Device IP Address Mac Address User/password
PC1 02:00:00:00:11:11 cisco/cisco
PC2 02:00:00:00:22:22 cisco/cisco


Handy Host Commands:

To see PC IP address: ifconfig eth1 

Ping example: ping -c 4

Trace example: tracepath

To connect to another node within the topology: telnet

Answers: Basic NetFlow 2
Answer: Basic Port Security 3
By certskills December 3, 2015 13:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email


Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.