Net 412 (Practical Part) LAB 5-port security


1 Net 412 (Practical Part) LAB 5-port security
Networks and Communication Department

2 Enable SSH on Cisco Router
Without port security, anyone can reach network resources simply by plugging a host into any free switch port, and a user can move to a different physical location on the LAN without telling the administrator. The switchport port-security feature restricts which hosts may use a port (Layer 2 access control) and keeps users on their assigned ports. To explain the port-security modes and commands, this lab uses the Packet Tracer network simulator. You can use any network simulator, or a real Cisco switch, to follow this guide; the output is the same as long as your chosen software supports the commands explained in this tutorial.

3 Topology

4 Configure PC0

5 Configure PC1

6 Configure server0

7 How to configure port security
To configure port security we need to access the command prompt of the switch. In Packet Tracer, click the switch, open the CLI tab and press the Enter key.

8 switchport port-security example
In our topology PC0 is connected to port F0/1 of the switch. Enter the following commands to secure port F0/1:

Switch>enable
Switch#configure terminal
Switch(config)#interface fastethernet 0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#ex
Switch(config)#ex

You can use a domain name so you don't have to type the entire IP address. For example, imagine you have an IPv4 or IPv6 address that you keep forgetting, but you have configured a domain name: you can use that domain name to SSH. Imagine if Facebook or Google did not have domain names; everyone would have to type the IP address of their server to reach the website. That is the use of a domain name. You can also use the domain name if you forgot the IP address or just don't like the hassle of typing it.

9 Explanation
Command, followed by its description:

Switch>enable
  Move into privileged EXEC mode.
Switch#configure terminal
  Move into global configuration mode.
Switch(config)#interface fastethernet 0/1
  Move into interface configuration mode for F0/1.
Switch(config-if)#switchport mode access
  Assign the port as a host (access) port.
Switch(config-if)#switchport port-security
  Enable the port security feature on this port.
Switch(config-if)#switchport port-security maximum 1
  Set the limit on hosts (MAC addresses) that can be associated with the interface. The default value is 1; skip this command to use the default.
Switch(config-if)#switchport port-security violation shutdown
  Set the security violation mode. The default mode is shutdown; skip this command to use the default.
Switch(config-if)#switchport port-security mac-address sticky
  Enable the sticky feature (dynamically learned addresses are added to the running configuration).

10 Con. We have successfully secured port F0/1 of the switch. We used the dynamic address-learning feature of the interface: the switch will associate the first MAC address learned on F0/1 with this port. You can check the MAC address table for the currently associated address.

// The configuration is the same as for telnet; only the transport input ssh command changes the line to Secure Shell. Configuration is complete; next you must test SSH from a client PC.

11 Con. So far no MAC address is associated with port F0/1. The switch learns MAC addresses from incoming frames, so we need to generate a frame from PC0 that arrives on port F0/1 of the switch. The ping command is used to test connectivity between two hosts; in our scenario PC0 has connectivity to the server, so we can use ping from PC0 to generate frames.

12 Test PC0

13 Switch: now check the MAC address table on the switch again

14 Switchport port security testing
In our topology we have one additional PC. Assume that this is the cracker's PC. To gain unauthorized access to the network, he unplugs the Ethernet cable from PC0 and plugs it into his own PC (PC1).

15 Con.

16 Ping from PC1

17 What happened? Why did the ping command get no response from the server this time? Because the switch detected the MAC address change and shut down the port.

18 Verify port security
Verify the port security via the following commands:

Switch#show port-security
Switch#show port-security address
Switch#show port-security interface fa 0/1

19 Verify port security
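The show port-security interface output above is what an administrator reads to confirm that a violation occurred. The following added example (not part of the lab) parses that output into fields and summarises whether the port was shut down by a violation and which source MAC was seen last. SAMPLE_OUTPUT is a constructed sample in the layout IOS prints; the MAC address and counters in it are invented for the example.

```python
# Added example, not from the lab: parse "show port-security interface <port>"
# output and flag a port shut down by a violation. SAMPLE_OUTPUT is a
# constructed sample; the MAC address and counters are invented.
from typing import Dict, Optional

SAMPLE_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.BA12.3456:1
Security Violation Count   : 1
"""


def parse_port_security(text: str) -> Dict[str, str]:
    """Turn the 'Key : Value' lines into a dictionary, keys as printed.

    Splitting on the first ' : ' keeps keys and values that themselves
    contain a colon (e.g. 'Last Source Address:Vlan') intact."""
    fields: Dict[str, str] = {}
    for line in text.splitlines():
        if " : " not in line:
            continue
        key, value = line.split(" : ", 1)
        fields[key.strip()] = value.strip()
    return fields


def assess(fields: Dict[str, str]) -> Dict[str, object]:
    """Summarise the parsed fields for a quick health check of the port.

    'Secure-shutdown' means a violation put the port in error-disabled state;
    'Secure-down' only means there is no link on the port."""
    status = fields.get("Port Status", "").lower()
    violations = int(fields.get("Security Violation Count", "0"))
    last = fields.get("Last Source Address:Vlan", "")
    # The MAC before the ':' is the last source seen on the port; when the
    # port is in Secure-shutdown it is the address that caused the violation.
    last_mac: Optional[str] = last.split(":")[0] if last else None
    return {
        "enabled": fields.get("Port Security", "").lower() == "enabled",
        "err_disabled": status == "secure-shutdown",
        "link_down": status == "secure-down",
        "violations": violations,
        "last_source_mac": last_mac,
    }


if __name__ == "__main__":
    report = assess(parse_port_security(SAMPLE_OUTPUT))
    for key, value in report.items():
        print("%-16s %s" % (key, value))
```

Run it against the real command output captured from the switch (for example saved from the CLI) to get the same summary for a live port.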

20 How to reset an interface that is disabled due to a port-security violation
Restart the interface: unplug the cable from the unauthorized PC and plug it back into the authorized PC.

21 Con. Write the following command on the switch, then ping the server from PC0.
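To make the behaviour from slides 8 to 21 concrete, here is an added example (not part of the lab, and not Cisco code) that models a switch port configured with maximum 1, violation shutdown and sticky learning: the first MAC address seen is learned, a second one trips a violation and error-disables the port, and reset() models re-enabling the port (on IOS this is done with shutdown followed by no shutdown on the interface). The MAC addresses are constructed sample values, and the restrict and protect modes are included to show how they differ from shutdown.

```python
# Added example, not from the lab: a small model of how a switch port behaves
# under "switchport port-security maximum 1", "violation shutdown" and
# "mac-address sticky". All MAC addresses used here are constructed samples.
from dataclasses import dataclass, field
from typing import List


@dataclass
class SecurePort:
    name: str
    maximum: int = 1               # switchport port-security maximum N
    violation: str = "shutdown"    # shutdown | restrict | protect
    sticky: bool = True            # switchport port-security mac-address sticky
    secure_macs: List[str] = field(default_factory=list)
    err_disabled: bool = False     # True once a shutdown-mode violation occurred
    violation_count: int = 0       # mirrors "Security Violation Count"

    def receive_frame(self, src_mac: str) -> str:
        """Process one ingress frame and describe what the switch did with it."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return "dropped: port is err-disabled"
        if src_mac in self.secure_macs:
            return "forwarded"
        if len(self.secure_macs) < self.maximum:
            # Below the limit: the source becomes a secure MAC (sticky learning
            # also records it in the running configuration, see running_config).
            self.secure_macs.append(src_mac)
            return "forwarded (learned %s)" % src_mac
        # Limit reached and the source is not a secure MAC: a violation.
        if self.violation == "shutdown":
            self.violation_count += 1
            self.err_disabled = True
            return "dropped: violation, port shut down"
        if self.violation == "restrict":
            self.violation_count += 1      # counted and logged, port stays up
            return "dropped: violation logged"
        return "dropped"                    # protect: silently discarded

    def reset(self) -> None:
        """Clear the error-disabled state (on IOS: shutdown, then no shutdown).

        Secure MACs survive the reset, so the original host is still the only
        one allowed; the intruder's MAC triggers a fresh violation."""
        self.err_disabled = False

    def running_config(self) -> List[str]:
        """Interface lines equivalent to the lab's commands, plus any sticky
        addresses learned so far (IOS saves each as an explicit entry)."""
        lines = [
            "interface " + self.name,
            " switchport mode access",
            " switchport port-security",
            " switchport port-security maximum %d" % self.maximum,
            " switchport port-security violation " + self.violation,
        ]
        if self.sticky:
            lines.append(" switchport port-security mac-address sticky")
            for mac in self.secure_macs:
                lines.append(" switchport port-security mac-address sticky " + mac)
        return lines


if __name__ == "__main__":
    port = SecurePort("FastEthernet0/1")
    print(port.receive_frame("0001.6345.6d0b"))   # PC0 (constructed MAC) is learned
    print(port.receive_frame("00d0.ba12.3456"))   # PC1 (constructed MAC) trips the limit
    port.reset()
    print(port.receive_frame("0001.6345.6d0b"))   # PC0 works again after the reset
    print("\n".join(port.running_config()))
```

The model shows why plugging the authorized PC back in before re-enabling the port matters: the sticky address is kept, so if PC1 is still connected when the port comes up, the first frame it sends shuts the port down again.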

22 The End. Any questions?

