When you work with Cisco switches, you can enable a feature called port security. Port security is useful because it lets you limit the number of MAC addresses that can be learned on, and pass traffic through, a single switch port. For example, if you have a PC at a kiosk and that is the only PC that should EVER be connected to switchport f0/5, you can enforce this with port security.
Here is a sample port security configuration with a brief explanation of what each command does. Keep in mind that there is more to port security than this configuration, but this should get you through the CCNA.
! Begin by entering the interface you want to configure port security on.
SwitchX(config)#interface fa0/5
! Next set the port as a static access port.
! This must be done before enabling port security.
SwitchX(config-if)#switchport mode access
! Next, enable port security.
SwitchX(config-if)#switchport port-security
! Next, set the maximum number of MAC addresses to be seen,
! or allowed, on this port.
SwitchX(config-if)#switchport port-security maximum 1
! Next, configure "sticky MAC address learning". In essence, this says:
! take the first MAC address seen and make it a permanent MAC address.
SwitchX(config-if)#switchport port-security mac-address sticky
! Finally, set the action to take if a violation occurs.
! In this case the port will be shut down,
! that is, it ends up in the err-disabled state.
! You can verify this with show interface.
SwitchX(config-if)#switchport port-security violation shutdown
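An added example, not part of the original post: a Python audit that checks a saved running-config for the settings configured above on every static access port. SAMPLE_CONFIG, the function names and the max_allowed parameter are assumptions made for illustration; a missing maximum or violation line is treated as the IOS default (1 and shutdown), since defaults are not written to the configuration.

```python
# Constructed sample running-config (not from the original post).
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security maximum 1
!
interface FastEthernet0/7
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation protect
"""

def parse_interfaces(config):
    """Return {interface name: [sub-commands]} from IOS-style config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = blocks.setdefault(line.split(None, 1)[1].strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the block
    return blocks

def audit_port_security(config, max_allowed=1):
    """Return {interface: [findings]} for static access ports."""
    prefix, report = "switchport port-security", {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk and routed ports are out of scope
        if prefix not in cmds:  # sub-options alone do not enable the feature
            report[name] = ["port security not enabled"]
            continue
        opts = {t[2]: t[3] for t in map(str.split, cmds)
                if len(t) == 4 and " ".join(t[:2]) == prefix}
        maximum = int(opts.get("maximum", 1))          # default when line is absent
        violation = opts.get("violation", "shutdown")  # default when line is absent
        checks = [(maximum > max_allowed, f"maximum {maximum} exceeds {max_allowed}"),
                  (violation != "shutdown", f"violation mode is {violation}"),
                  (f"{prefix} mac-address sticky" not in cmds, "sticky learning off")]
        report[name] = [msg for failed, msg in checks if failed]
    return report
```

The sticky line carrying a MAC address in the sample is what the switch writes into the running configuration once it has learned the address; it survives a reload only if the running configuration is saved to the startup configuration.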
More information on port security can be found on the Cisco website.