Example: bachelor of science

Configuring Port Security - Cisco

CHAPTER62-1 Cisco IOS Software configuration Guide, Release Port SecurityThis chapter describes how to configure the port Security feature. NoteFor complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Master Command List, at this URL: TipFor additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page: Participate in the Technical Documentation Ideas forum This chapter consists of these sections.

Default Port Security Configuration Table 62-1 shows the default port security configuration for an interface. Port Security Guidelines and Restrictions When configuring port security, follow these guidelines: † With the default port security configuration, to brin g all secure ports out of the error-disabled state,

Fullscreen Download

Tags:

  Configuration, Security, Cisco, Security configuration

Information

Domain:

Source:

Link to this page:

Please notify us if you found a problem with this document:

Other abuse

Transcription of Configuring Port Security - Cisco

1 CHAPTER62-1 Cisco IOS Software configuration Guide, Release Port SecurityThis chapter describes how to configure the port Security feature. NoteFor complete syntax and usage information for the commands used in this chapter, see the Cisco IOS Master Command List, at this URL: TipFor additional information about Cisco Catalyst 6500 Series Switches (including configuration examples and troubleshooting information), see the documents listed on this page: Participate in the Technical Documentation Ideas forum This chapter consists of these sections.

2 Understanding Port Security , page 62-1 Default Port Security configuration , page 62-3 Port Security Guidelines and Restrictions, page 62-3 Configuring Port Security , page 62-5 Displaying Port Security Settings, page 62-12 Understanding Port SecurityThese sections describe port Security : Port Security with Dynamically Learned and Static MAC Addresses, page 62-2 Port Security with Sticky MAC Addresses, page 62-2 Port Security with IP Phones, page 62-362-2 Cisco IOS Software configuration Guide, Release 62 Configuring Port SecurityUnderstanding Port SecurityPort Security with Dynamically Learned and Static MAC AddressesYou can use port Security with dynamically learned and static MAC addresses to restrict a port s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

3 When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the Security violation occurs in either of these situations: When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port Security applies the configured violation mode.

4 If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, applies the configured violation a secure MAC address is configured or learned on one secure port, the sequence of events that occurs when port Security detects that secure MAC address on a different port in the same VLAN is known as a MAC move the Configuring the Port Security Violation Mode on a Port section on page 62-6 for more information about the violation you have set the maximum number of secure MAC addresses on a port, port Security includes the secure addresses in the address table in one of these ways.

5 You can statically configure all secure MAC addresses by using the switchport port- Security mac-address mac_address interface configuration command. You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices. You can statically configure a number of addresses and allow the rest to be dynamically configured. If the port has a link-down condition, all dynamically learned addresses are removed. Following bootup, a reload, or a link-down condition, port Security does not populate the address table with dynamically learned MAC addresses until the port receives ingress Security violation occurs if the maximum number of secure MAC addresses have been added to the address table and the port receives traffic from a MAC address that is not in the address table.

6 You can configure the port for one of three violation modes: protect, restrict, or shutdown. See the Configuring Port Security section on page ensure that an attached device has the full bandwidth of the port, set the maximum number of addresses to one and configure the MAC address of the attached Security with Sticky MAC AddressesPort Security with sticky MAC addresses provides many of the same benefits as port Security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port Security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down you enter a write memory or copy running-config startup-config command, then port Security with sticky MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port does not have to learn addresses from ingress traffic after bootup or a IOS Software configuration Guide.

7 Release 62 Configuring Port SecurityDefault Port Security ConfigurationPort Security with IP PhonesFigure 62-1 shows an application in which a device connects to the switch through the data port of an IP phone. Figure 62-1 Device Connected Through IP PhoneBecause the device is not directly connected to the switch, the switch cannot physically detect a loss of port link if the device is disconnected. Later Cisco IP phones send a Cisco Discovery Protocol (CDP) host presence type length value (TLV) to notify the switch of changes in the attached device s port link state.

8 With Cisco IOS Release (33)SXI and later releases, the switch recognizes the host presence TLV. Upon receiving a host presence TLV notification of a link down on the IP phone s data port, port Security removes from the address table all static, sticky, and dynamically learned MAC addresses. The removed addresses are added again only when the addresses are learned dynamically or Port Security ConfigurationTable 62-1 shows the default port Security configuration for an Security Guidelines and RestrictionsWhen Configuring port Security , follow these guidelines.

9 With the default port Security configuration , to bring all secure ports out of the error-disabled state, enter the errdisable recovery cause psecure-violation global configuration command, or manually reenable the port by entering the shutdown and no shut down interface configuration commands. Enter the clear port- Security dynamic global configuration command to clear all dynamically learned secure addresses. See the Cisco IOS Master Command List for complete syntax phoneSwitch188919 Table 62-1 Default Port Security ConfigurationFeatureDefault SettingPort number of secure MAC modeShutdown.

10 The port shuts down when the maximum number of secure MAC addresses is exceeded, and an SNMP trap notification is IOS Software configuration Guide, Release 62 Configuring Port SecurityPort Security Guidelines and Restrictions Port Security learns unauthorized MAC addresses with a bit set that causes traffic to them or from them to be dropped. The show mac-address-table command displays the unauthorized MAC addresses, but does not display the state of the bit. (CSCeb76844) To preserve dynamically learned sticky MAC addresses and configure them on a port following a bootup or a reload and after the dynamically learned sticky MAC addresses have been learned, you must enter a write memory or copy running-config startup-config command to save them in the startup-config file.

Show more

Documents from same domain

Miercom Report: Dual-Band Wave 2 Access Points ...

Miercom Report: Dual-Band Wave 2 Access Points ...

www.cisco.com

Dual-Band Wave 2 Access Points Comparative Performance: Cisco Aironet 2800 and 3800 Aruba AP-335 DR160830 September 2016 Miercom www.miercom.com

  Cisco

Cisco ASA with FirePOWER Services At-a-Glance

Cisco ASA with FirePOWER Services At-a-Glance

www.cisco.com

At a glance Cisco public Next steps To learn more about the Cisco ASA Firewall with FirePOWER Services, visit www.cisco. com/go/asafps. Meet the industry’s first adaptive, threat-focused next-generation firewall (NGFW) designed for a new

  Cisco, Cisco asa

Architecting the Network for the Cloud - cisco.com

Architecting the Network for the Cloud - cisco.com

www.cisco.com

WHITE PAPER Architecting the Network for the Cloud Sponsored by: Cisco Systems Lucinda Borovick Rohit Mehra January 2011 EXECUTIVE SUMMARY Cloud computing is now one of the prevailing IT trends as we head into the new

  Network, Cisco

Cisco Identity Services Engine Ordering Guide

Cisco Identity Services Engine Ordering Guide

www.cisco.com

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 22 Cisco Identity Services Engine

  Services, Guide

TERMS OF SALE AND SOFTWARE LICENSE …

TERMS OF SALE AND SOFTWARE LICENSE …

www.cisco.com

TERMS OF SALE AND SOFTWARE LICENSE AGREEMENT-US 3 CISCO CONFIDENTIAL SALES_TERMS_OF_SALE.docx June 2017 Terms of Sale. Customer shall pay any taxes related to Products and Services provided

  Services, Customer

Cisco Industrial Ethernet 4010 Series Switches Data …

Cisco Industrial Ethernet 4010 Series Switches Data

www.cisco.com

© 2018 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 11 Data Sheet Cisco Industrial Ethernet 4010 Series Switches

  Data, Ethernet

Help Partners Increase Deal Sizes and Customer …

Help Partners Increase Deal Sizes and Customer

www.cisco.com

Help Partners Increase Deal Sizes and Customer Satisfaction Cisco Solution Support 101 Service and Promotion Overview for Partner Sales Teams Greg Suhayda

  Customer

Cisco IP Phone Portfolio Brochure

Cisco IP Phone Portfolio Brochure

www.cisco.com

Brochure 3 © 2018 Cisco and/or its affiliates. All rights reserved. Introduction Leading the Way in Collaboration Cisco® IP Phones empower your business with a new collaboration experience

  Collaboration

Data Center Power and Cooling White Paper - …

Data Center Power and Cooling White Paper - …

www.cisco.com

© 2017 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 22 White Paper Cisco Unified Computing System

  Cisco

Cisco Certification and Confidentiality Agreement …

Cisco Certification and Confidentiality Agreement …

www.cisco.com

Cisco Confidential Cisco Certifications and Confidentiality Agreement - Version 22 If you have been convicted of a crime that Cisco deems, in its sole discretion, in any way

  Confidentiality

Related documents

FactoryTalk Security System Configuration Guide

FactoryTalk Security System Configuration Guide

literature.rockwellautomation.com

FactoryTalk Security System Configuration Guide . FactoryTalk Security System Configuration Guide 2 Rockwell Automation Publication FTSEC-QS001Q-EN-E - March 2021 . Important User Information . Read this document and the documents listed in the additional resources section about installation, configuration, and

  Configuration, Security, Automation, Rockwell automation, Rockwell, Factorytalk, Factorytalk security

Configuring Switch Ports and VLAN Interfaces for the …

Configuring Switch Ports and VLAN Interfaces for the …

www.cisco.com

Cisco Security Appliance Command Line Configuration Guide OL-10088-02 Chapter 4 Configuring Switch Ports and VLAN Interfaces for the Cisco ASA 5505 Adaptive Security Appliance Configuring VLAN Interfaces Note If you are using failover, do not use this procedure to name interfaces that you are reserving for failover

  Configuration, Security, Cisco, Switch, Adaptive, Interface, Ports, Configuring, Vlans, 5505, Cisco security, Configuring switch ports and vlan interfaces, Cisco asa 5505 adaptive security

Cookie Security - OWASP

Cookie Security - OWASP

owasp.org

Nov 30, 2017 · –The security model has many weaknesses –Don’t build your application on false assumptions about cookie security –Application and framework developers should take advantage of new improvements to cookie security –Beware that not all browsers are using the same cookie recipe (yet)

  Security

Announcing the Standard for Personal Identity Verification ...

Announcing the Standard for Personal Identity Verification ...

nvlpubs.nist.gov

security systems” as defined by 44 U.S.C. 3542(b)(2) [SP 800-59]. Except as provided in [HSPD-12], nothing in this Standard alters the ability of government entities to use the Standard for additional applications. Special-Risk Security Provision—The U.S. Government has personnel, facilities, and other assets

  Security

Tax Information Security Guidelines

Tax Information Security Guidelines

www.irs.gov

Publication 1075 Tax Information Security Guidelines For Federal, State and Local Agencies Safeguards for Protecting Federal Tax Returns and Return Information

  Security, Publication, 1057, Publication 1075

Symantec Endpoint Protection Quick Start

Symantec Endpoint Protection Quick Start

techdocs.broadcom.com

8. On the Configuration completed panel, click Finish to launch Symantec Endpoint Protection Manager. 9. On the Symantec Endpoint Protection Manager logon screen, type the user name and password you created in step 6 and confirm that you …

  Configuration

Related search queries

FactoryTalk Security, Configuration, Rockwell Automation, Configuring Switch Ports and VLAN Interfaces, Cisco Security, Cisco ASA 5505 Adaptive Security, Security, Publication 1075