3.1.4 Applying Basic Switch Security
Objectives
• Configure passwords to ensure that access to the CLI is secured.
• Configure a switch to remove HTTP server status for security.
• Configure port security.
• Disable unused ports.
• Test security configuration by connecting unspecified hosts to secure ports.
Background / Preparation
Set up a network similar to the one in the topology diagram.
The following resources are required:
• One Cisco 2960 or comparable switch
• Three Windows-based PCs, at least one with a terminal emulation program
• At least one RJ-45-to-DB-9 connector console cable
All contents are Copyright © 1992–2007 Cisco Systems, Inc. All rights reserved. This document is Cisco Public Information. Page 1 of 6
CCNA Discovery
Introducing Routing and Switching in the Enterprise
Step 10: Determine what MAC addresses the switch has learned
Determine what MAC addresses the switch has learned by using the show mac-address-table
command at the privileged EXEC mode prompt.
Switch1#show mac-address-table
How many dynamic addresses are there? _____________
How many total MAC addresses are there? ____________
Do the MAC addresses match the host MAC addresses? ____________
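One way to check the Step 10 answers automatically, as an added example that is not part of the original lab: the Python below parses show mac-address-table output, counts dynamic and total entries, and compares the learned addresses with the host MAC addresses. The sample output, the host names and every MAC address in it are constructed for illustration.

```python
import re

# Constructed sample of `show mac-address-table` output (not taken from the lab).
SAMPLE_OUTPUT = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
 All    0100.0ccc.cccc    STATIC      CPU
   1    0011.2233.4401    DYNAMIC     Fa0/1
   1    0011.2233.4402    DYNAMIC     Fa0/4
   1    00aa.bbcc.dd99    DYNAMIC     Fa0/4
Total Mac Addresses for this criterion: 4
"""

# Hypothetical host MACs, written the way Windows `ipconfig /all` prints them.
EXPECTED_HOSTS = {"PC1": "00-11-22-33-44-01", "PC2": "00-11-22-33-44-02"}

# One table row: VLAN, dotted-hex MAC, entry type, port.
ROW = re.compile(
    r"^\s*(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I)

def normalize(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def parse_table(text):
    """Return (vlan, mac, type, port) tuples; headers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vlan, mac, kind, port = m.groups()
            rows.append((vlan, normalize(mac), kind.upper(), port))
    return rows

def audit(text, expected):
    """Count entries and report dynamic MACs that match no expected host."""
    rows = parse_table(text)
    known = {normalize(mac): name for name, mac in expected.items()}
    dynamic = [r for r in rows if r[2] == "DYNAMIC"]
    seen = {known[r[1]] for r in dynamic if r[1] in known}
    return {"dynamic": len(dynamic), "total": len(rows),
            "unknown": [(r[1], r[3]) for r in dynamic if r[1] not in known],
            "missing": sorted(set(known.values()) - seen)}

if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUT, EXPECTED_HOSTS))
```

An entry under "unknown" is a learned address that belongs to none of the listed hosts; "missing" lists hosts the switch has not yet learned, usually because they have sent no traffic.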
Step 16: Configure the port to shut down if there is a security violation
a. In the event of a security violation, the interface should be shut down. To make port security shut
the port down when a violation occurs, enter the following command:
Switch1(config-if)#switchport port-security violation shutdown
What other action options are available with port security? ______________________________
_____________________________________________________________________________
b. If necessary, ping the switch address 192.168.1.2 from PC3 (192.168.1.5). This PC is now
connected to interface FastEthernet 0/4. The ping ensures that there is traffic from the PC to the switch.