CCNA: Port Security

Description:

Port security locks down a switch port by limiting which MAC addresses (and how many) may send frames through it, and by defining what happens when an unexpected address appears.

Interface Commands (access port):

   Switch(config)#interface GigabitEthernet0/2
   Switch(config-if)#switchport mode access # port security requires a static access (or trunk) port, not a dynamic one
   Switch(config-if)#switchport port-security # required. Enables port security on the interface
   Switch(config-if)#switchport port-security mac-address 001f.3c59.5555 # set a static secure MAC; with the default maximum of 1, no other address is allowed
   Switch(config-if)#switchport port-security mac-address sticky # learns the attached device's MAC and writes it into the running-config. Must run "copy run start" for it to survive a reload
   Switch(config-if)#switchport port-security maximum 2 # sets a limit on the number of secure MACs allowed on the port. 1 is the default
   Switch(config-if)#switchport port-security violation restrict # options are protect/restrict/shutdown. Shutdown (err-disable the port) is the default; restrict drops offending frames and logs/counts the violation; protect drops them silently

Interface Commands (trunk port):

   Switch(config)#interface GigabitEthernet0/2
   Switch(config-if)#switchport trunk encapsulation dot1q # set before "mode trunk" on platforms that also support ISL, or the mode command is rejected
   Switch(config-if)#switchport mode trunk
   Switch(config-if)#switchport nonegotiate # turn off DTP; port security cannot be applied to a dynamic port
   Switch(config-if)#switchport port-security # see options above

To configure a data/voice VLAN:

   VTP-Server-1(config-if)#switchport mode access
   VTP-Server-1(config-if)#switchport access vlan 5
   VTP-Server-1(config-if)#switchport voice vlan 7
   VTP-Server-1(config-if)#switchport port-security
   VTP-Server-1(config-if)#switchport port-security maximum 2 # one secure MAC for the PC (data VLAN) and one for the phone (voice VLAN)
   VTP-Server-1(config-if)#switchport port-security mac-address 001f.3c59.5555 vlan access
   VTP-Server-1(config-if)#switchport port-security mac-address 001f.3c59.7777 vlan voice

Show Commands:

   show port-security # per-port summary: maximum, current and violation counts plus the configured action
   show dtp # this shows global dtp config
   show dtp interface
   show sdm prefer # shows the active SDM template, i.e. the TCAM resource split that bounds how many MAC entries the switch can hold
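An offline audit of these settings, as an added Python example that is not part of the original notes: it parses interface stanzas from a saved running-config (the sample config below is constructed, not from a real switch) and flags ports that lack port security, secure ports left in dynamic mode, and voice-VLAN ports whose maximum is still the default of 1.

```python
# Constructed sample running-config excerpt (hypothetical switch, not from the notes).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport voice vlan 7
 switchport port-security
 switchport port-security mac-address 001f.3c59.5555 vlan access
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/3
 switchport mode dynamic desirable
!
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [its indented config lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            stanzas[current] = []
        elif current is not None and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None  # "!" or any other top-level line ends the stanza
    return stanzas

def audit_interface(lines):
    """Return findings for one stanza, applying the rules from the notes above."""
    if "switchport port-security" not in lines:
        return ["port-security not enabled"]
    findings = []
    mode = next((l.split()[2] for l in lines if l.startswith("switchport mode ")), None)
    if mode not in ("access", "trunk"):
        findings.append("port-security needs a static access or trunk port (mode: %s)" % mode)
    maxes = [int(l.split()[3]) for l in lines if l.startswith("switchport port-security maximum ")]
    maximum = maxes[-1] if maxes else 1  # IOS default is 1 secure MAC per port
    if any(l.startswith("switchport voice vlan ") for l in lines) and maximum < 2:
        findings.append("voice VLAN configured but maximum is %d; PC + phone need 2" % maximum)
    return findings

def audit_config(config):
    """Audit every interface stanza; returns {interface: [findings]}."""
    return {name: audit_interface(lines) for name, lines in parse_interfaces(config).items()}
```

Run it against the text of `show running-config` saved from a switch; an empty list means the port matches the rules above.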
