Configuring Switchport port-security on Cisco Packet Tracer

Hello friends… ^_^
For this time, I will share a discussion about Switchport port-security, which in the previous discussion we discussed about Static Routing and Dynamic Routing. OK, let me get straight to the point… 🏃‍♀️🏃‍♀️🏃‍♀️🏃‍♀️

Switchport port-security???

Port Security is a security mechanism used on Cisco switches. With port security, we can limit the number of hosts that can connect to a port on the switch and determine which hosts can connect to the switch.

The principle in configuring port security is to register any MAC addresses that can or are allowed to connect to the switch. While the way port-security works are to remove packets from the host or block hosts whose MAC addresses do not match the configuration on port security.

Example of Switchport port-security

here I have a question and a topology that must be created and configured.

Topology

Question
*enable switch port port-security configuration on fa0/1 to fa0/3
*register PC1’s MAC address to fa0/1 manually
*violation for fa0/1: shutdown
* MAC address registration for ports fa0/2 and fa0/3 automatically when a computer communicates for the first time
*violation for fa0/2: protect
*violation for fa0/2: restrict
*maximum mac address for fa0/3:3

The basic configuration of Switch devices

Perform basic configuration (Basic) to the SW-01 device.
To configure it, first, connect the console cable from the PC to the Switch device.
(I happen to be here adding a PC (PC5) specifically for remote switch devices)

PC5 for Remote Console

Then go to PC5 > Desktop > Terminal > Terminal Configuration (Default). It will appear as shown below.

Terminal Configuration

Then do the basic configuration on the SW-01 device.

Basic configuration SW-01

Configure the IP address of each PC device

Configure the IP address on each PC device

PC0

PC1

PC2

PC3

PC4

The configuration according to the question request

enable switch port port-security configuration on fa0/1 to fa0/3
*register PC1’s MAC address to fa0/1 manually
*violation for fa0/1: shutdown
* MAC address registration for ports fa0/2 and fa0/3 automatically when a computer communicates for the first time
*violation for fa0/2: protect
*violation for fa0/2: restrict
*maximum mac address for fa0/3:3

The first step is to configure the switchport port-security specifically for port fa/01 by registering the MAC address manually with a violation for port fa01: shutdown.
* Due to manually entering the MAC address, manually check the MAC address of the PC device that is directly connected to fa01.

PC1

*Then proceed with configuring the Switchport port-security on the SW-01 switch device.

switchport port-security FA0/1

The next step is to configure the switchport port-security specifically for port fa/02 by registering the MAC address automatically with a violation for port fa/02:protect.
*Due to registering MAC addresses automatically, then test the ping command to the connected PC device so that the MAC table is filled with the device's MAC address. (The test is done PING PC2 > PC3)

PING PC2 > PC3

*Then proceed with configuring the Switchport port-security on the SW-01 switch device.

switchport port-security FA0/2

The last step is to configure the switchport port-security specifically for port fa/03 by registering the MAC address automatically with a violation for port fa/03:restrict with a maximum mac address for fa0/3: 3.

switchport port-security FA0/3

TESTING

PORT fa0/1
On port, fa0/1 configured MAC Address manually with violation shutdown. If there is a case of trying to test access using the fa0/1 port, the fa0/1 port will immediately shut down.

Test PING

Interface f0/1 down

Show Port Security

PORT fa0/2
On port fa0/2 configured MAC Address Automatically with violation protect. If there is a case of trying to do an access experiment using the fa0/2 port, whatever packet is sent, the packet sent by the host will drop with the condition of the port still in an upstate.

Test PING

PORT fa0/3
On port fa0/3 the MAC Address is configured automatically with violation for port fa/03 :restrict with a maximum MAC address for fa0/3: 3. If there is a case of trying to try access using the port fa0/3 it will drop packets as in protect mode, but the interface will count the number of violations that occurred. While in protect mode the number of violations will not be counted.

Test Ping

FINISH!!
Maybe that’s all I can share with friends. If you have input and suggestions, please comment.
Thank you, hopefully, useful, and don’t forget to share with other friends. ^_^
#Admin #switchport port-security #cisco #cybersecurity #information-technology #indonesia