11.1.10 Packet Tracer - Implement Port Security

Captions
Hi friends, welcome to all. In this video we are going to discuss the CCNA version 7 Packet Tracer activity Implement Port Security. Before coming to this activity, first: if you would like to get any CCNA version 7 online classes or project or any other technical support, you can contact our team using our website link, which you will get from the description below. Also, if you would like to get this type of technical video in future, consider subscribing, and don't forget to enable that bell icon near the subscribe button so that you will get a notification message whenever we upload a new video.

OK, back to our activity. Here we can see our addressing table, and coming to the objectives: in part 1, configure port security, then in part 2, verify port security. We will go through the background. In this activity, we will configure and verify port security on a switch. Port security allows you to restrict a port's ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

Yes, coming to step 1, configure port security. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2. Here we can see the command: on S1 we have to go to these interfaces as a range, Fa0/1 and Fa0/2, then we have to configure switchport port-security; that means we have to enable port security using this command. OK, that's fine.

Coming to our topology, here we can see our switch S1, and two PCs, PC1 and PC2, are connected to the switch S1. We will verify the interfaces where these PCs are connected, right. So just go to Options, Preferences; I will enable this Always Show Port Labels in Logical Workspace so that we can see where these devices are connected. We can see Fa0/1 and Fa0/2, so we are going to enable port security on these two ports. So click on S1, go to CLI: enable, conf t, then go to that interface as a range, Fa0/1 - 2, right, 0/1 - 2, and here we have to enable switchport port-security.

Next, coming to B: set the maximum so that only one device can access the Fast Ethernet ports Fa0/1 and Fa0/2. Yes, sure, we have to give this command, switchport port-security maximum; we have to give this command with maximum 1, right. So we can now set this. Here is the command: switchport port-security, and we have to set the maximum, it's one. Here I'll put a question mark, and here we can see the maximum addresses we can give are from 1 till 132. OK, anyway, here we are going to give only 1.

Now secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration. OK, here we have to give this command: switchport port-security mac-address sticky. So when we give this command, the switch will learn the MAC address automatically and it will add it to the port security, right. So we will give that command, switchport port-security; I'll put a question mark here, and we can see we can specify mac-address. Either we can specify the MAC address, a 48-bit MAC address, or we can give sticky, that is, configure dynamic secure addresses as sticky. So here, as specified in the instruction, we have to configure sticky.

Then set the violation mode so that the Fast Ethernet ports Fa0/1 and Fa0/2 are not disabled when a violation occurs, but a notification of the security violation is generated and packets from the unknown source are dropped. So we have to set this violation mode as restrict: switchport port-security violation restrict. OK.

Then disable all the remaining unused ports. Use the range keyword to apply this configuration to all the ports simultaneously. Here in this topology, we have seen we used only Fa0/1 and Fa0/2, so we are going to shut down all other unused ports. OK, so here we can see they have given that command using a range: interface range Fa0/3 till 24; also we have two Gigabit Ethernet interfaces, G0/1 and G0/2, so we have to shut down all these interfaces. We will go to S1 and just exit from here: interface range Fa0/3 till 24, also we have G0/1 - 2, and we are going to shut down these ports: shutdown.

Now coming to step 2, verify port security. From PC1, ping PC2. OK, we can do that. So first we will get the IP address of PC2; we can go to Desktop, Command Prompt, and here we have the command ipconfig, and we will copy its IP address. Then we will go to PC1, Desktop, Command Prompt, then we will ping PC2 using its IP address, and here we can see we get the replies.

Then we will verify that port security is enabled and the MAC addresses of PC1 and PC2 were added to the running configuration. So we have to give this show command, show running-config | begin interface. OK, we will try with this pipe. Give the command end, then we will give that command, I mean the show command, show running-config, which we can give in short, then this pipe, begin interface. So we can see the details here, yeah, Fa0/1 and Fa0/2. Yes, I will maximize this, and here we can see switchport mode access, all these, and here we can see switchport port-security mac-address sticky, and now it has learned its MAC address, that PC's MAC address. OK, this is connected to, I mean, this PC1 is connected to Fa0/1, right. Then actually we can see switchport port-security mac-address sticky, the MAC address of PC2, right.

Use port security show commands to display configuration information, like show port-security and show port-security address. So we will use these show commands also: show port-security, and here we can see its result. We can see the ports Fa0/1 and Fa0/2, also we can see the mode, restrict, then we can see maximum secure address 1, current address, it's one, and the security violation count is zero. Also we will give this command, show port-security address, and we can see the details here: we can see the VLAN and the MAC address, the MAC addresses of those PCs, PC1 and PC2, and where these PCs are connected, Fa0/1 and Fa0/2, we can see the ports.

Then attach Rogue Laptop to any unused switch port and notice that the link lights are red. Obviously, because all other unused ports will be disabled. So we will connect this rogue laptop to this S1 using copper straight-through: Rogue Laptop, FastEthernet0, then we will go to this S1 and we will connect to FastEthernet 0/3. And now coming to this topology, we can see this link between this rogue laptop and this switch is down.

Hence we will enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the port connected to Rogue Laptop. So now we are going to enable this interface Fa0/3 and we will ping PC1 and PC2 from this rogue laptop. So coming to this switch, we will go to that interface, interface Fa0/3, then press Enter, and we will give the no shutdown command. Now coming to the topology, here we can see the link between this rogue laptop and this S1 is up.

So now we are going to ping PC1 and PC2. First of all we will try PC2; here we have its IP address, I will just copy this IP address. Then coming to Rogue Laptop, Desktop, Command Prompt, give ping, then PC2's IP address, press Enter. Here we can see we get the reply. Then we will go to PC1 and get its IP address with ipconfig, and we can copy its IP address. Then again we will go back to Rogue Laptop and ping PC1 using its IP address, and we can see we get the replies.

And now we will shut down this interface, right. OK, go to the switch again; we are in this interface, I mean this port Fa0/3, so here we just have to give this command, shutdown, then press Enter, and we can verify it: here we can see now this link between this rogue laptop and this switch S1 is down.

Then disconnect PC2 and connect Rogue Laptop to Fa0/2, which is the port to which PC2 was originally connected. Verify that Rogue Laptop is unable to ping PC1. Yes, exactly, it won't work, because only this PC2 is allowed to connect to this port Fa0/2 on this switch S1, right. OK, we will do that. We will remove this connectivity; we can remove this: press Delete and remove this connection. Then just reconnect this rogue laptop to this S1: just click on this light so that we can reconnect it, click on S1, then connect to FastEthernet 0/2.

Now we are going to ping this PC1 from Rogue Laptop. So click on Rogue Laptop, go to Command Prompt, and we already pinged PC1, yeah, here we can see that; just copy and paste, or you can even use the up arrow on the keyboard. And we can see it's not pinging: request timed out. Here we can see it's not working: packets sent 4, but we can see received 0, so lost 4, 100% loss. So that means it's not working. Yes, so what happened here? As I said earlier, only this PC2 is allowed to connect to this port Fa0/2, but here now we connected this rogue laptop to this Fa0/2, so here there is a violation. OK.

Next, to display the port security violations for the port to which Rogue Laptop is connected, we have to use this show command: show port-security interface Fa0/2. So just click on S1 and press Enter, give end so that we can give show port-security interface Fa0/2. OK, then you can press Enter, and here we see the details: port security is enabled, port status is secure-up, and the violation mode we gave as restrict. Then we can see maximum MAC addresses, we gave one; total MAC addresses, it's one; configured MAC addresses is zero; and sticky MAC addresses, 1. And here we can see the last source address, and we can see the security violation count, it shows 5. Yes, so how many violations? OK, as we have seen, the security violation count shows 5. OK.

Then disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC1. So what we will do: just click on this Fa0 green light, then reconnect to PC2 FastEthernet0. Then we will ping from PC2 to PC1, or you can go from PC1 to PC2. So go to PC2, Command Prompt, and I think I did not give ping here; yeah, here we can see ping 10.10.10.10, this is the IP address of PC1, right. So then press Enter, and here we can see we get the replies. Now it's working. OK.

Why is PC2 able to ping PC1, but Rogue Laptop is not? OK, again I will repeat: here only PC2 is allowed to connect to Fa0/2, and only PC1 is allowed to connect to Fa0/1, and we configured it in such a manner, right. And if you connect any other device to any of these ports, it's not going to communicate.

OK, that's all in this Packet Tracer activity, that is, Implement Port Security. Here we can see our completion status; it shows hundred percent. Now, dear friends, if you have any doubts or any suggestions regarding this Packet Tracer activity, please comment below, or you can contact our team using our website link, which you will get from the description below. Also, if you liked our video, give a thumbs up and share with all your friends. So stay tuned and we will meet again with the next video. Thank you.
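The check made at the end of step 2, as an added example that is not part of the video or the Packet Tracer activity: a short Python parser for show port-security interface output that compares it with the settings configured in part 1 and reports the violation counter. The sample output is constructed from the fields read out above, the MAC address is a placeholder, and the names LAB_POLICY, parse_port_security and audit are hypothetical.

```python
import re

# Constructed sample in the layout of `show port-security interface Fa0/2`,
# limited to the fields read out in the video; the MAC address is a placeholder.
SAMPLE_FA0_2 = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0000.0000.0001:1
Security Violation Count   : 5
"""

# Settings the activity configures on Fa0/1 and Fa0/2 (hypothetical dict name).
LAB_POLICY = {
    "Port Security": "Enabled",
    "Violation Mode": "Restrict",
    "Maximum MAC Addresses": "1",
    "Sticky MAC Addresses": "1",
}

def parse_port_security(text):
    """Turn 'Key : value' lines into a dict, splitting on the padded colon only."""
    fields = {}
    for line in text.splitlines():
        # Keys and values may contain ':' (e.g. 'Address:Vlan'), but never ' : '.
        m = re.match(r"^(.*\S)\s+:\s+(.*\S)\s*$", line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(text, policy=LAB_POLICY):
    """Return findings: configuration drift first, then recorded violations."""
    fields = parse_port_security(text)
    findings = []
    for key, want in policy.items():
        got = fields.get(key, "missing")
        if got.lower() != want.lower():
            findings.append(f"{key}: expected {want}, found {got}")
    count = int(fields.get("Security Violation Count", "0"))
    if count > 0:
        src = fields.get("Last Source Address:Vlan", "unknown")
        findings.append(f"{count} violations, last source {src}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FA0_2)) or "port matches lab policy")
```

In restrict mode the port stays up, so the counter and the last source address are the only record on the switch that an unknown device was plugged in.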
Info
Channel: Tech Acad
Views: 55,133
Keywords: CISCO, CCNA, Port-Security, CISCO Certification, CCNAv7, Packet Tracer
Id: p_wu5mKoUCI
Length: 17min 41sec (1061 seconds)
Published: Thu Jul 09 2020