CCNA: Port Security


Description:

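Port security is used to lock down switch ports by restricting which source MAC addresses, and how many of them, are allowed to send traffic on a port.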

Interface Commands (access port):

Switch(config)#interface GigabitEthernet0/2
Switch(config-if)#switchport mode access
! Required. Tells the switch port to enable security.
Switch(config-if)#switchport port-security
! Set a static MAC. With the default maximum of 1, it won't allow any others.
Switch(config-if)#switchport port-security mac-address 001f.3c59.5555
! Tells it to dynamically remember the device attached. Must run "copy run start" for it to remember after a reload.
Switch(config-if)#switchport port-security mac-address sticky
! Sets a limit on the number of devices it can allow. 1 is the default.
Switch(config-if)#switchport port-security maximum 2
! Options are restrict/shutdown/protect. Shutdown is the default.
Switch(config-if)#switchport port-security violation restrict

Interface Commands (trunk port):

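Switch(config)#interface GigabitEthernet0/2
! On switches that support both ISL and dot1q, set the encapsulation first: "switchport mode trunk" is rejected while the encapsulation is still set to auto.
Switch(config-if)#switchport trunk encapsulation dot1q
Switch(config-if)#switchport mode trunk
Switch(config-if)#switchport nonnegotiate
! See the port-security options under the access port above.
Switch(config-if)#switchport port-security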

To configure a data/voice VLAN:

VTP-Server-1(config-if)#switchport mode access
VTP-Server-1(config-if)#switchport access vlan 5
VTP-Server-1(config-if)#switchport voice vlan 7
VTP-Server-1(config-if)#switchport port-security
VTP-Server-1(config-if)#switchport port-security maximum 2
VTP-Server-1(config-if)#switchport port-security mac-address 001f.3c59.5555 vlan access
VTP-Server-1(config-if)#switchport port-security mac-address 001f.3c59.7777 vlan voice

Show Commands:

show port-security
! This shows the global DTP config.
show dtp
show dtp interface
show sdm prefer
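
An offline check for the access-port settings above, added here as an example (it is not from the original page): it parses an IOS-style config and flags access ports where port-security options are set but the enabling "switchport port-security" line is missing, and ports set to "violation protect", which drops frames without logging. The sample config, the audit() function and the policy of flagging protect mode are assumptions of this example.

```python
import re

# Constructed sample config for illustration (not from the original page).
SAMPLE = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security maximum 2
 switchport port-security mac-address sticky
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
 switchport port-security mac-address sticky
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
interface GigabitEthernet0/4
 switchport mode trunk
"""
PS = "switchport port-security"  # the bare line that actually enables the feature

def audit(config):
    """Return {interface: [findings]} for access ports in an IOS-style config."""
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif current is not None and line.startswith(" "):
            current.append(line.strip())
    findings = {}
    for name, cmds in ports.items():
        if "switchport mode access" not in cmds:
            continue  # only access ports are audited in this example
        issues = []
        options = [c for c in cmds if c.startswith(PS + " ")]
        if PS not in cmds:  # options alone do nothing without the enabling line
            issues.append("options set but port-security not enabled" if options
                          else "port-security not enabled")
        if PS + " violation protect" in cmds:  # assumed audit policy
            issues.append("violation protect drops frames without logging")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit(SAMPLE).items():
        print(port, "->", "; ".join(issues))
```
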
