LAB 4-5: Port Security
You are the network administrator at Ranet and would like to enable Port-Security on the access ports of Ranet-SW, both to prevent another switch from being attached so that multiple hosts connect through the same port at the same time, and to prevent unauthorized hosts from connecting through any port.
So all you have to do is: (configure via console)
1. Enable Port-Security on all access ports (except Gig1/1 and Gig1/2), allow only 1 MAC address per port, and set the violation action to shut down the port.
2. On port Fa0/1, where the authorized host (Host1) is currently connected, set the allowed MAC address using the “SecureSticky” method.
3. On port Fa0/3, where the unauthorized host (Rogue3) is currently connected, set the allowed MAC address to 0030.F295.15C6.
If everything is correct, ports Fa0/2 and Fa0/3 will change status to down (err-disabled) when unauthorized hosts attempt to connect, and Host1 will not be able to reach the unauthorized hosts (192.168.0.58 – 192.168.0.60).
---------------------- End -----------------------------
Solution:
Ranet-SW config :
(copy & paste to Ranet-SW)
en
conf t
int range fa0/1 - 24
switchport mode access
switchport port-security
switchport port-security maximum 1
switchport port-security violation shutdown
int fa0/1
switchport port-security mac-address sticky
int fa0/3
switchport port-security mac-address 0030.F295.15C6
Ranet-SW#copy run start
Destination filename [startup-config]?
Building configuration...
[OK]
Ranet-SW#
Host1 :
Command Prompt
Packet Tracer PC Command Line 1.0
PC>ping 192.168.0.60
Pinging 192.168.0.60 with 32 bytes of data:
Reply from 192.168.0.60: bytes=32 time=44ms TTL=128
Reply from 192.168.0.60: bytes=32 time=4ms TTL=128
Reply from 192.168.0.60: bytes=32 time=5ms TTL=128
Reply from 192.168.0.60: bytes=32 time=4ms TTL=128
Ping statistics for 192.168.0.60:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 4ms, Maximum = 44ms, Average = 14ms
PC>ping 192.168.0.59
Pinging 192.168.0.59 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.59:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>ping 192.168.0.58
Pinging 192.168.0.58 with 32 bytes of data:
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Ping statistics for 192.168.0.58:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),
PC>
Ranet-SW
Ranet-SW#sh port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type Ports
----------- ---- -----
0030.F214.8793 SecureSticky FastEthernet0/1 -
0030.F295.15C6 SecureConfigured FastEthernet0/3 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Ranet-SW#sh int fa0/2
FastEthernet0/2 is down, line protocol is down (err-disabled)
Ranet-SW#sh int fa0/3
FastEthernet0/3 is down, line protocol is down (err-disabled)
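To check the same policy against a saved configuration, the following added example (not part of the original lab) parses a running-config excerpt and lists the ports that miss the lab's settings. The sample config, the function name audit_port_security and the interfaces Fa0/4 and Fa0/5 are constructed for illustration; the check relies on IOS leaving the default values (maximum 1, violation shutdown) out of the running-config.

```python
import re

# Constructed running-config excerpt (not from the lab): Fa0/4 has no port
# security and Fa0/5 overrides the lab's limits.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0030.F214.8793
!
interface FastEthernet0/4
 switchport mode access
!
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation restrict
!
interface GigabitEthernet1/1
 switchport mode trunk
!
"""

def audit_port_security(config, exempt=("GigabitEthernet1/1", "GigabitEthernet1/2")):
    """Return {interface: [findings]} for ports that miss the lab's policy."""
    findings = {}
    # Split into per-interface stanzas: the name, then its indented body lines.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, re.M):
        if name in exempt:
            continue
        lines = [l.strip() for l in body.splitlines()]
        issues = []
        if "switchport mode access" not in lines:
            issues.append("not a static access port")
        if "switchport port-security" not in lines:
            issues.append("port-security not enabled")
        # Defaults (maximum 1, violation shutdown) do not appear in the config.
        m = re.search(r"port-security maximum (\d+)", body)
        if m and int(m.group(1)) != 1:
            issues.append(f"maximum is {m.group(1)}, expected 1")
        v = re.search(r"port-security violation (\S+)", body)
        if v and v.group(1) != "shutdown":
            issues.append(f"violation is {v.group(1)}, expected shutdown")
        if issues:
            findings[name] = issues
    return findings
```

Calling audit_port_security(SAMPLE_CONFIG) returns findings for Fa0/4 and Fa0/5 only; Fa0/1 passes and Gig1/1 is skipped as an exempt uplink.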
----------------------- The End ---------------------