| Device | Interface | IP Address | Subnet Mask |
|---|---|---|---|
| S1 | VLAN 1 | 10.10.10.2 | 255.255.255.0 |
| PC1 | NIC | 10.10.10.10 | 255.255.255.0 |
| PC2 | NIC | 10.10.10.11 | 255.255.255.0 |
| Rogue Laptop | NIC | 10.10.10.12 | 255.255.255.0 |

Port security allows you to restrict a port’s ingress traffic by
limiting the MAC addresses that are allowed to send traffic into the port.
Sticky MAC address configuration on interface FastEthernet 0/1, where PC1's MAC address will be made sticky:
S1#conf t
S1(config)#interface fastEthernet 0/1
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security mac-address 00E0.B027.2245
S1(config-if)#switchport port-security violation restrict
Sticky MAC address configuration on interface FastEthernet 0/2, where PC2's MAC address will be made sticky:
S1#conf t
S1(config)#interface fastEthernet 0/2
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security mac-address sticky
S1(config-if)#switchport port-security mac-address 0001.647C.697E
S1(config-if)#switchport port-security violation restrict
Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue Laptop is unable to ping PC1.
Disconnect Rogue Laptop and reconnect PC2. Verify that PC2 can ping PC1.
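
To confirm that settings like these are actually in force on every port, a saved configuration can be checked offline. The following Python script is an added example, not part of the original post; the `SAMPLE_CONFIG` excerpt is constructed, and the `audit` and `unprotected` names are hypothetical. It flags ports where port security is missing or where only the sub-commands were entered without the bare enabling command.

```python
import re

# Constructed excerpt (not from a real device); Fa0/3 and Fa0/4 are hypothetical.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address 00E0.B027.2245
 switchport port-security violation restrict
!
interface FastEthernet0/3
!
interface FastEthernet0/4
 switchport port-security maximum 1
 switchport port-security violation restrict
!
"""
PS = "switchport port-security"

def audit(config):
    """Parse interface stanzas; IOS defaults are maximum 1, violation shutdown."""
    report, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw.startswith("interface "):
            current = {"enabled": False, "maximum": 1, "violation": "shutdown",
                       "sticky": False, "static_macs": []}
            report[raw.split(None, 1)[1]] = current
        elif not raw.startswith(" "):
            current = None                     # "!" or a global line ends the stanza
        elif current is None or not line.startswith(PS):
            continue
        elif line == PS:
            current["enabled"] = True          # only the bare command turns it on
        elif m := re.fullmatch(PS + r" maximum (\d+)", line):
            current["maximum"] = int(m.group(1))
        elif m := re.fullmatch(PS + r" violation (\w+)", line):
            current["violation"] = m.group(1)
        elif line == PS + " mac-address sticky":
            current["sticky"] = True
        elif m := re.fullmatch(PS + r" mac-address ([0-9A-Fa-f.]+)", line):
            current["static_macs"].append(m.group(1).lower())
    return report

def unprotected(report):
    """Interfaces where port security is not actually enforced."""
    return sorted(name for name, s in report.items() if not s["enabled"])

if __name__ == "__main__":
    print("not enforced:", unprotected(audit(SAMPLE_CONFIG)))
```

FastEthernet0/4 is reported even though it carries a maximum and a violation mode, because those sub-commands have no effect until `switchport port-security` itself is present on the interface.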
