Basic Port Security 3

Sometimes, #CCNA studiers get bogged down with port security, focusing on all those little optional configuration settings. But what of the main feature: securing the port? This latest lab revisits the big ideas of what a switch does using port security when frames violate the rules.
Requirements
For this lab, configure port security, with very little in terms of requirements. However, do not stop processing the good traffic that enters those ports. In particular, use these rules:
- Enable port security on all displayed access interfaces in the figure
- Drop all violating traffic
- Do not drop non-violating traffic
- Do not attempt to send SNMP traps for violating traffic
- Use default settings where possible and do not configure any settings that are not required
- As an added bonus, consider how to configure the interface subcommands two different ways: per interface, or one time for all interfaces
Figure 1: Single Switch
Initial Configuration
While you might be able to configure port security based on the information supplied so far, the initial configurations of the switch might be helpful, as shown in Figure 1.
Example 1: SW1 Config
```
hostname SW1
!
interface GigabitEthernet0/1
 no shutdown
!
interface GigabitEthernet0/2
 no shutdown
```
Answer on Paper, or Maybe Test in Lab
Next, write your answer on paper. Or if you have some real gear or other tools, configure the lab using them. If you do attempt this lab on a real OS, you will need to connect more to the network than is shown here. Basically, the switch ports shown in Figure 1 need to receive traffic from at least two hosts – the first (non-violating) host, and the second (violating) host. You can use a second switch to do that if available.
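To check a paper answer against the first-host/second-host test described above, here is a small Python model of one port under each of the three violation modes. It is an added example, not part of the original lab. `SecurePort`, `run_lab` and `meets_requirements` are hypothetical names, the frame sequence is constructed, and the model assumes IOS defaults (maximum of one secure MAC, dynamic learning, no aging) with the two host MACs taken from the lab's host table.

```python
# Added example: toy model of Cisco port security on one access port.
# Assumption: IOS defaults (maximum 1 secure MAC, dynamic learning, no aging).
from dataclasses import dataclass, field

PC1 = "02:00:00:00:11:11"            # host MACs from the lab's host table
PC2 = "02:00:00:00:22:22"
FRAMES = [PC1, PC2, PC1, PC2, PC1]   # constructed source-MAC sequence on one port

@dataclass
class SecurePort:                    # hypothetical name, not an IOS object
    mode: str = "shutdown"           # IOS default violation mode
    maximum: int = 1                 # IOS default maximum secure MACs
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    violations: int = 0              # models the security violation counter
    notifications: int = 0           # models syslog messages / SNMP traps

    def receive(self, src_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        if self.err_disabled:
            return False             # port is down: good traffic is lost too
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)   # first host is learned dynamically
            return True
        # Violation: the secure MAC table is full and this source is unknown.
        if self.mode == "protect":
            return False             # silent drop: no counter, no log, no trap
        self.violations += 1         # restrict and shutdown both count and notify
        self.notifications += 1
        if self.mode == "shutdown":
            self.err_disabled = True
        return False

def run_lab(mode: str):
    """Replay FRAMES through a fresh port; return (forwarded flags, port)."""
    port = SecurePort(mode=mode)
    return [port.receive(mac) for mac in FRAMES], port

def meets_requirements(mode: str) -> bool:
    """Lab rules: forward PC1, drop PC2, generate no SNMP traps."""
    forwarded, port = run_lab(mode)
    good = all(ok for ok, mac in zip(forwarded, FRAMES) if mac == PC1)
    bad = not any(ok for ok, mac in zip(forwarded, FRAMES) if mac == PC2)
    return good and bad and port.notifications == 0

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, run_lab(mode)[0], meets_requirements(mode))
```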
Do this Lab with Cisco’s CML (Formerly VIRL)
You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for Cisco Modeling Lab – Personal (CML-P). CML-P replaces Cisco Virtual Internet Routing Lab (VIRL) software, in effect serving as VIRL Version 2.
Below, find two files: a file useful with CML-P and another useful with VIRL. (Note that the CML-P file has a .yaml filetype, while the older VIRL file has a VIRL filetype.) Once the file is loaded, CML-P or VIRL will create a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well.
Network Device Info:
This table lists the interfaces changed in this lab to work well in CML/VIRL.
| Device | Lab Port | CML/VIRL Port |
|--------|----------|---------------|
| SW1 | F0/1 | G0/1 |
| SW1 | F0/2 | G0/2 |
Host device info:
This table lists host information pre-configured in CML/VIRL, information that might not be required by the lab but may be useful to you.
| Device | IP Address | MAC Address | User/password |
|--------|------------|-------------|---------------|
| PC1 | 172.16.1.1/24 | 02:00:00:00:11:11 | cisco/cisco |
| PC2 | 172.16.1.2/24 | 02:00:00:00:22:22 | cisco/cisco |
Handy Host Commands:
To see PC IP address: ifconfig eth1
Ping example: ping -c 4 10.1.1.1
Trace example: tracepath 10.1.1.1
To connect to another node within the topology: telnet 10.1.1.1