CCNA 2 2.2.4.

9 Packet Tracer - Configuring Switch Port Security

Objective!
Part "! Configure Port Security
Part 2! #erify Port Security
Obervation!
Part "! Configure Port Security
- Acce the co$$an% &ine for S" an% enab&e 'ort ecurity on (at )thernet 'ort *+"
an% *+2 uing the co$$an% interface range (at)thernet*+"-2. , et the $a-i$u$ to "
o that on&y one %evice can acce the (at )thernet 'ort *+" an% *+2.
- Secure the 'ort o that the .AC a%%re of a %evice i %yna$ica&&y &earne% an%
a%%e% to the running configuration uing the fo&&owing co$$an%!
witch'ort 'ort-ecurity
witch'ort 'ort-ecurity $ac-a%%re ticky
witch'ort 'ort-ecurity vio&ation retrict
witch'ort 'ort-ecurity $ac-a%%re ticky
- , et the vio&ation to witch'ort 'ort-ecurity vio&ation retrict o that the (at )thernet
'ort *+" an% *+2 are not %iab&e% when a vio&ation occur/ but 'acket are %ro''e% fro$
an unknown ource.
- , %iab&e% a&& the re$aining unue% 'ort uing the co$$an% interface range
(at)thernet*+0-24 an% interface range gigabitethernet"+"-2.
Part 2! #erify Port Security
- (ro$ PC"/ , 'ing PC2.
- , verifie% 'ort ecurity if it i enab&e% an% the .AC a%%ree of PC" an% PC2 were
a%%e% to the running configuration by uing the co$$an% how 'ort-ecurity int fa*+"
an% how 'ort-ecurity int fa*+2.
- , attache% the 1ogue 2a'to' to any unue% witch 'ort an% the &ink &ight beco$e re%.
- , enab&e% the 'ort by uing the co$$an% int fa*+0/ no hut an% verifie% that 1ogue
2a'to' can 'ing PC" an% PC2. After verification/ , hut %own the 'ort connecte% to
1ogue 2a'to'.
- 3iconnect PC2 an% connect 1ogue 2a'to' to PC24 'ort. 1ogue 2a'to' i unab&e to
'ing PC".
- 3i'&ay the 'ort ecurity vio&ation for the 'ort 1ogue 2a'to' i connecte% to by uing
the co$$an% how 'ort-ecurity int fa*+2.
- , %iconnecte% 1ouge 2a'to' an% reconnect PC2. PC2 can 'ing PC".
- 5hy i PC2 ab&e to 'ing PC"/ but the 1ouge 2a'to' i not6
Anwer! The &i$it for fa*+2 i et to "/ o 1ouge 2a'to' cannot be there any$ore.
Conc&uion!
A i$'&e $etho% that $any a%$initrator ue to he&' ecure the network fro$
unauthori7e% acce i to %iab&e a&& unue% 'ort on a witch. Navigate to each unue%
'ort an% iue the Cico ,OS hut%own co$$an%. ,f a 'ort &ater on nee% to be
reactivate%/ it can be enab&e% with the no hut%own co$$an%. ,t i i$'&e to $ake
configuration change to $u&ti'&e 'ort on a witch. ,f a range of 'ort $ut be
configure%/ ue the interface range co$$an%. Sticky &earning i enab&e% on an interface
by uing the witch'ort 'ort-ecurity $ac-a%%re ticky interface configuration $o%e
co$$an%. 5hen ticky ecure .AC a%%ree are configure% by uing the witch'ort
'ort-ecurity $ac-a%%re ticky $ac-a%%re interface configuration $o%e co$$an%/
a&& 'ecifie% a%%ree are a%%e% to the a%%re tab&e an% the running configuration.