Port Security: port in err-disabled state
Cisco CCNA Port Security Lab that you can practice in Cisco Packet Tracer, Cisco Modeling Labs (CML), or on real equipment.
Topology
PC1
|
Fa0/1
+---------+
| Switch |
+---------+
- PC1 → Switch Fa0/1
IP Address (optional):
- PC1: 192.168.1.10/24
Step 1: Configure the Interface
Switch> enable
Switch# configure terminal
Switch(config)# interface fastethernet0/1
Switch(config-if)# switchport mode access
Step 2: Enable Port Security
Switch(config-if)# switchport port-security
Step 3: Allow Only One MAC Address
Switch(config-if)# switchport port-security maximum 1
Step 4: Learn the MAC Address Automatically
Switch(config-if)# switchport port-security mac-address sticky
The switch learns the first connected device's MAC address and saves it as a secure MAC.
Step 5: Configure the Violation Mode
Switch(config-if)# switchport port-security violation shutdown
The available violation modes are:
- protect
- restrict
- shutdown (default and most commonly used)
Step 6: Enable the Port
Switch(config-if)# no shutdown
Switch(config-if)# end
Verify the Configuration
Check port security:
Switch# show port-security
Check the interface details:
Switch# show port-security interface fa0/1
View the learned MAC address:
Switch# show port-security address
Test the Lab
- Connect PC1 and generate some traffic (for example, ping the default gateway or another device).
- Verify that the MAC address has been learned.
- Disconnect PC1.
- Connect PC2 (with a different MAC address) to Fa0/1.
- The switch should detect a security violation.
With violation shutdown, the interface goes into the err-disabled state.
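To confirm the violation from the verification output, the following added Python example (not part of the original lab) parses `show port-security interface fa0/1` output and checks it against the settings from Steps 2 to 5. The sample output, its MAC address and the field layout are constructed for illustration from typical IOS output; `parse_fields` and `audit` are hypothetical helper names.

```python
import re

# Constructed sample of `show port-security interface fa0/1` after PC2 is
# plugged in. The MAC address and counters are made up for this example.
SAMPLE_AFTER_VIOLATION = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00AA.BBCC.DD02:1
Security Violation Count   : 1
"""

# Values the lab configuration in Steps 2 to 5 should produce.
EXPECTED = {
    "Port Security": "Enabled",
    "Violation Mode": "Shutdown",
    "Maximum MAC Addresses": "1",
}

def parse_fields(output):
    """Turn 'Name   : value' lines into a dict (separator is ' : ')."""
    fields = {}
    for line in output.splitlines():
        # Lazy key match so 'Last Source Address:Vlan' stays one key.
        m = re.match(r"^(.+?)\s+:\s+(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit(output):
    """Return (config_drift, violation) for one interface's output."""
    f = parse_fields(output)
    drift = {k: f.get(k) for k, v in EXPECTED.items() if f.get(k) != v}
    count = int(f.get("Security Violation Count", "0"))
    violation = None
    if f.get("Port Status") == "Secure-shutdown" or count > 0:
        mac, _, vlan = f.get("Last Source Address:Vlan", ":").rpartition(":")
        violation = {"status": f.get("Port Status"), "mac": mac,
                     "vlan": vlan, "count": count}
    return drift, violation

if __name__ == "__main__":
    drift, violation = audit(SAMPLE_AFTER_VIOLATION)
    print("config drift:", drift or "none")
    print("violation:", violation or "none")
```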