Basic Port Security 3

certskills
By certskills December 3, 2015 13:05

Sometimes, #CCNA studiers get bogged down with port security, focusing on all those little optional configuration settings. But what of the main feature: securing the port? This latest lab revisits the big ideas of what a switch does using port security when frame violate the rules.

Requirements

For this lab, configure port security, with very little in terms of requirements. However, do not stop processing the good traffic that enters those ports. In particular, use these rules:

  • Enable port security on all displayed access interfaces in the figure
  • Drop all violating traffic
  • Do not drop non-violating traffic
  • Do not attempt to send SNMP traps for violating traffic
  • Use default settings where possible and do not configure any settings that are not required
  • As an added bonus, consider how to configure any interface subcommands two different ways: any interface commands per-interface, or one time for all interfaces

 

Figure 1: Single Switch

 Initial Configuration

While you might be able to configure port security based on the information supplied so far, the initial configurations of the switch might be helpful, as shown in Figure 1.

Example 1: SW1 Config

Answer on Paper, or Maybe Test in Lab

Next, write your answer on paper. Or if you have some real gear or other tools, configure the lab using them. If you do attempt this lab on a real OS, you will need to connect more to the network than is shown here. Basically, the switch ports shown in Figure 1 need to receive traffic from at least two hosts – the first (non-violating) host, and the second (violating) host. You can use a second switch to do that if available.

 

Do This Lab with Cisco’s VIRL

You can do these labs on paper and still get a lot out of the lab. As an extra help, we have added files for the Virtual Internet Routing Lab (VIRL) software as well. The .VIRL file found here is a file that when used with VIRL will load a lab topology similar to this lab’s topology, with the initial configuration shown in the lab as well. This section lists any differences between the lab exercise and the .VIRL file’s topology and configuration.

Download this lab’s VIRL file! 

Network Device Info:

This table lists the interfaces changed in this lab to work well in VIRL.

Device Lab Port VIRL Port
SW1 F0/1 G0/1
SW1 F0/2 G0/2

 

Host device info:

This table lists host information pre-configured in VIRL, information that might not be required by the lab but may be useful to you.

Device IP Address Mac Address User/password
PC1 172.16.1.1/24 02:00:00:00:11:11 cisco/cisco
PC2 172.16.1.2/24 02:00:00:00:22:22 cisco/cisco

 

Handy Host Commands:

To see PC IP address: ifconfig eth1 

Ping example: ping -c 4 10.1.1.1

Trace example: tracepath 10.1.1.1

To connect to another node within the topology: telnet 10.1.1.1

Answers: Basic NetFlow 2
Answer: Basic Port Security 3
certskills
By certskills December 3, 2015 13:05
Write a comment

No Comments

No Comments Yet!

Let me tell You a sad story ! There are no comments yet, but You can be first one to comment this article.

Write a comment
View comments

Write a comment

Comment; Identify w/ Social Media or Email

Subscribe

Subscribe to our mailing list and get interesting stuff and updates to your email inbox.

Thank you for subscribing.

Something went wrong.

Search

Categories