Port Security Lab

Securing Switch Access Ports

Objective

Configure Port Security to restrict input to an interface by limiting and identifying MAC addresses of the stations allowed to access the port.

Task 1 – Enable Port Security

Configure Fa0/1 to allow only 1 device and learn the MAC address dynamically (sticky).

SW1(config)# interface fastEthernet 0/1
SW1(config-if)# switchport mode access
SW1(config-if)# switchport port-security
SW1(config-if)# switchport port-security maximum 1
SW1(config-if)# switchport port-security mac-address sticky
SW1(config-if)# switchport port-security violation restrict

Task 2 – Verification

Check the port security status.

SW1# show port-security interface fa0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1