11.1.10 Packet Tracer - Implement Port Security

Video Statistics and Information

Captions
Implement port security. Addressing table: one switch, two PCs and a rogue laptop. Okay, one switch, two PCs, laptop.

Configure port security. Access the command line on S1. Okay, access here, click here, S1, command line interface, enter. Enable port security on FastEthernet ports 0/1 and 0/2. FastEthernet ports 0/1 and 0/2: enable, configure terminal, okay, and select the interface range. Interface range to select FastEthernet 0/1 and 0/2, enter. Enable the range and enable port security: switchport port-security, enter.

Set the maximum so that only one device can access the FastEthernet ports 0/1 and 0/2. Okay, maximum one on each port. Okay, one MAC address on FastEthernet 0/1 and one MAC address on FastEthernet 0/2. Switchport port-security maximum 1, enter.

Secure the port so that the MAC address of a device is dynamically learned and added to the running configuration. Okay, MAC address sticky. Switchport port-security mac-address sticky, mac dash address sticky, enter.

Set the violation mode so that the FastEthernet ports 0/1 and 0/2 are not disabled when a violation occurs, but a notification of the security violation is generated and packets from the unknown source are dropped. Okay, in this case it is restrict. Okay, if you don't want a notification it should be protect, but in this case a notification is generated, so it's restrict. Switchport port-security violation restrict.

And disable all the remaining unused ports. Okay, use this range: only FastEthernet 1 and 2 are in use, so select any other ports. Okay, exit. Okay, and interface range: FastEthernet 1 and 2 are in use, so 3 to 24, and Gigabit 0/1 and 0/2, enter. Shut down any other port, enter. Very good.

Verify: from PC1 ping PC2. Okay, access PC1, Desktop, Command Prompt. Okay, from PC1 ping PC2, and PC2 is 10.10.10.11. Go to PC1, ping 10.10.10.11. Success.

Verify that port security is enabled and the MAC addresses of PC1 and PC2 were added to the running configuration. Okay, go to S1. Okay, you are in interface range configuration mode, and end to exit, and use this show running-config and show the section that begins with the interface keyword, so show running-config, pipe, begin interface, enter. And you can see this: interface FastEthernet 0/1, switchport mode access, switchport port-security. This port should be configured in access mode, then you will be able to configure port security. Okay, and enable port security, MAC address sticky, violation restrict and MAC address sticky, and this is the MAC address learned automatically: 00E0.B027.2245. Okay, FastEthernet 1, and on FastEthernet 1 is PC1. Verify the MAC address: ipconfig space slash all, and see 00E0.B027.2245. Okay, okay, this is the MAC address. And on FastEthernet 2: switchport mode access, port security, MAC address sticky, violation restrict, MAC address sticky, and the MAC address learned automatically is 0001.647C.697E. Go to FastEthernet 2 on switch 1: PC2, Desktop, Command Prompt, ipconfig space slash all: 0001.647C.697E. Okay, very good.

Use port security show commands. S1, show port-security. Go to S1, space, space, space, space, show port-security, enter. And now you can see FastEthernet 1 and FastEthernet 2: maximum address one, only one; current address, only one; security violation, no security violation for now; security action, restrict in both cases. And show port-security address. Okay, show port-security address. Okay, sorry, address. Now you can see VLAN, MAC address: MAC address of PC1, MAC address of PC2. The type is sticky, using the sticky method, this is the type. The port: FastEthernet 1, FastEthernet 2. And remaining age: no age, because aging was not configured. Aging was not configured.

Attach a rogue laptop to any unused switch port and notice that the link lights are red. Okay, Connections, use a copper straight-through cable, connect FastEthernet 0 on the laptop to S1, any other port, for example FastEthernet 0/3, and the indicators are red.

Enable the port and verify that the rogue laptop can ping PC1 and PC2. Okay, this is FastEthernet 0/3. Go to S1: configure terminal, interface FastEthernet 0/3, no shutdown, enter. You can see the green indicators. Click on the laptop, Desktop, Command Prompt, ping from the laptop to PC1. PC1's IP address is 10.10.10.10. Success. And from the laptop ping PC2, and PC2 is 10.10.10.11. Ping 10.10.10.11: success.

After verification, shut down the port connected to the rogue laptop. Okay, access S1: interface FastEthernet 0/3, shutdown, enter. And now it is disabled, red indicators.

Disconnect PC2 and connect the rogue laptop to FastEthernet 0/2. Okay, use this tool, the delete tool, and disconnect this port, the connection of PC2, also the connection for the laptop, and use the copper straight-through cable and connect from FastEthernet 0 on the rogue laptop to FastEthernet 0/2 on the switch, this port.

Verify that the rogue laptop is unable to ping PC1. Okay, go to the rogue laptop again and try to ping PC1. PC1's IP address is 10.10.10.10. Ping 10.10.10.10, enter. Request timed out, the ping is failing, and now the ping fails.

Display the port security violations for the port to which the rogue laptop is connected. On S1: show port-security interface FastEthernet 0/2. Okay, go to S1, enter. You are in interface configuration mode, and end to go to privileged EXEC mode, and show port-security interface FastEthernet 0/2, enter. Okay, show port-security interface FastEthernet 0/2: port security enabled; port status secure-up, now it is secure; violation mode restrict; maximum MAC addresses one; total MAC addresses one; sticky MAC addresses one; last source address is this, 0002.4A42.C51C, and VLAN is number 1; and the security violation count is 5.

Okay, and review the rogue laptop. Rogue laptop MAC address: ipconfig space slash all, and the MAC address is 0002.4A42.C51C. Okay, this is the MAC address. And on S1 review the show port-security address, enter. On FastEthernet 0/2 the MAC address should be 0001.647C.697E, but this learned MAC address is not the MAC address configured on the interface FastEthernet 0/2, so that's why the violation occurs. Security violation count: five. How many violations have occurred? At least four, one for each ping request. Okay, one for each ping request, at least four, but in my case five.

Disconnect the rogue laptop and reconnect PC2. Verify PC2 can ping PC1. Disconnect the laptop and connect PC2, and from PC2 ping PC1. Go to PC2 and ping PC1. PC1's IP address is 10.10.10.10. [Music] Enter. Success.

Why is PC2 able to ping PC1 but the rogue laptop is not? The port security that was enabled on the port only allowed the device whose MAC address was learned first, and also only one MAC address is permitted. Thank you very much.
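An added example, not part of the video or its lab files: a Python check that reads `show running-config | begin interface` output and flags any port that is neither shut down nor configured the way Fa0/1 and Fa0/2 are in the walkthrough. The sample configuration is constructed and the function names are hypothetical.

```python
import re
# Constructed sample; Fa0/4 is left enabled and unprotected to show a finding.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security violation restrict
 switchport port-security mac-address sticky 00E0.B027.2245
!
interface FastEthernet0/3
 shutdown
!
interface FastEthernet0/4
!
"""

def parse_interfaces(config):  # interface name -> list of its sub-commands
    ports, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            current = ports.setdefault(m.group(1), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or another section ends the stanza
    return ports

def audit(config):
    """Return {port: [findings]} for every port that is not shut down."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "shutdown" in cmds:
            continue  # unused port disabled, as in the lab
        issues = []
        if "switchport mode access" not in cmds:
            issues.append("not an access port")
        if "switchport port-security" not in cmds:
            issues.append("port security disabled")
        mx = re.search(r"port-security maximum (\d+)", "\n".join(cmds))
        if mx and int(mx.group(1)) > 1:  # absent line means the IOS default of 1
            issues.append("more than one MAC allowed")
        if "switchport port-security mac-address sticky" not in cmds:
            issues.append("sticky learning off")
        if issues:
            findings[name] = issues
    return findings

print(audit(SAMPLE))
```

The `maximum 1` line is not expected in the output because IOS leaves default values out of the running configuration, which matches what the walkthrough shows for Fa0/1 and Fa0/2.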
Info
Channel: Christian Augusto Romero Goyzueta
Views: 12,190
Keywords: switching, routing, wireless, essentials, srwe, ipv4, switch 2960, switch, port security, mac address, sticky, restrict, maximum
Id: 7MpOmPILf4Y
Length: 16min 6sec (966 seconds)
Published: Sun Aug 09 2020