Besides filtering traffic, that is, forwarding each unicast frame only to the port on which the
destination system resides, most network switches provide the following benefits:
Filtering  As mentioned, a switch filters traffic, which prevents a system on another port from
capturing and viewing potentially confidential information. Note that this protection covers only
unicast frames to known destinations: broadcasts and frames to unknown addresses are sent to every
port in the VLAN, and an attacker who floods the switch's MAC address table with bogus addresses can
make it fall back to forwarding all traffic out of every port, like a hub. Limiting the number of
addresses a port may learn (the port security feature described next) counters that attack.
Port security  Port security is a feature of a network switch that lets you bind a port to a
specific MAC address (or to a small number of addresses). This allows you to control which systems
can connect to the switch: when a frame arrives from an address that is not allowed, the switch
treats it as a violation and, in the default shutdown mode, places the port in the err-disabled
state. An err-disabled port does not come back up on its own when the correct system is plugged
in; an administrator must re-enable it with shutdown followed by no shutdown, or the switch must
be configured for automatic errdisable recovery. The following commands configure port
FastEthernet 0/6 (f0/6) on the Halifax switch to accept connections only from one particular MAC
address. In this example the MAC address is aaaa.bbbb.cccc, which you would replace with the real
address of the authorized system:
HAL-SW1(config)#interface f0/6
HAL-SW1(config-if)#switchport mode access
HAL-SW1(config-if)#switchport port-security
HAL-SW1(config-if)#switchport port-security mac-address aaaa.bbbb.cccc
HAL-SW1(config-if)#switchport port-security maximum 1
HAL-SW1(config-if)#switchport port-security violation shutdown
Disable ports  It is a security best practice to disable any switch ports that are not in use, so
that someone with physical access to a wall jack or the wiring closet cannot simply plug a device
in. The following commands are used to disable ports 7 through 12 on a Cisco switch with the
shutdown command:
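The command listing this paragraph refers to is absent from the page as extracted. The following is an added example, not the page's own listing, written in the same style (switch HAL-SW1, FastEthernet ports). It shuts down ports 7 through 12, enables automatic recovery of ports that port security has err-disabled, and ends with the show commands used to verify both settings. The description text and the 300-second recovery interval are assumptions chosen for illustration.

```cisco
! Added example (not the original page's listing): disable unused ports 7-12 on HAL-SW1.
! The description text and the recovery interval are assumed for illustration.
HAL-SW1> enable
HAL-SW1# configure terminal
HAL-SW1(config)# interface range f0/7 - 12
HAL-SW1(config-if-range)# description UNUSED - administratively disabled
HAL-SW1(config-if-range)# shutdown
HAL-SW1(config-if-range)# exit
! Optional: have the switch re-enable a port that port security err-disabled
! after 300 seconds, instead of requiring a manual shutdown / no shutdown.
HAL-SW1(config)# errdisable recovery cause psecure-violation
HAL-SW1(config)# errdisable recovery interval 300
HAL-SW1(config)# end
! Verify: disabled ports are listed as "administratively down", and the
! port-security output for f0/6 shows the allowed address and any violations.
HAL-SW1# show ip interface brief
HAL-SW1# show port-security interface f0/6
HAL-SW1# show port-security address
! Save the configuration so it survives a reload.
HAL-SW1# copy running-config startup-config
```

A port that is shut down this way stays down across reloads; bringing it back into service requires no shutdown on that interface.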
VLANs  Most switches today support a feature known as virtual LANs (VLANs). The purpose of a VLAN
is to create multiple separate networks within a single network switch. One way to do this is to
place ports on the switch into groupings known as VLANs. When a system is connected to a port on
the switch, it becomes a member of the VLAN that the port is assigned to. The important point is
that a system in one VLAN cannot communicate with systems in another VLAN: the switch forwards
frames, broadcasts included, only between ports of the same VLAN, so it is as if each VLAN had its
own switch with no connection to the others. The figure above displays a switch configured with
two VLANs. In this example, Computer A can communicate only with Computer B, because they are the
only systems in VLAN1. Computer A and Computer B cannot communicate with Computer C and Computer D
because communication across VLANs is not possible without a router connected to both VLANs.
The following commands show how to configure VLANs on a Cisco 2950 switch. This example creates
two VLANs, PrivateLAN (VLAN 2) and WebServers (VLAN 3), using the switch's vlan database mode:
HAL-SW1> enable
HAL-SW1# vlan database
HAL-SW1(vlan)# vlan 2 name PrivateLAN
VLAN 2 added:
Name: PrivateLAN
HAL-SW1(vlan)# vlan 3 name WebServers
VLAN 3 added:
Name: WebServers
HAL-SW1(vlan)#exit
APPLY completed.
Once the VLANs have been created, you place ports into particular VLANs. For example, the following
commands place ports 18 to 24 in the WebServers VLAN (VLAN 3); the interface range command is
entered from global configuration mode:
HAL-SW1(config)# interface range f0/18 - 24
HAL-SW1(config-if-range)# switchport access vlan 3
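As an added example that is not part of the original page, here are the same two VLANs created with the newer global-configuration syntax (vlan followed by name), which replaced vlan database mode on later IOS releases, followed by the assignment of both port groups. The PrivateLAN port range (1 to 17) is an assumption; the page itself only assigns ports 18 to 24. The switchport mode access line matters for security: it turns off DTP trunk negotiation on the port, so a device plugged into it cannot negotiate a trunk and receive traffic from every VLAN.

```cisco
! Added example (not the original page's listing): create PrivateLAN and WebServers
! with global-configuration syntax and pin every access port to its VLAN.
! The PrivateLAN port range (1-17) is assumed for illustration.
HAL-SW1> enable
HAL-SW1# configure terminal
HAL-SW1(config)# vlan 2
HAL-SW1(config-vlan)# name PrivateLAN
HAL-SW1(config-vlan)# exit
HAL-SW1(config)# vlan 3
HAL-SW1(config-vlan)# name WebServers
HAL-SW1(config-vlan)# exit
! Ports 1-17: PrivateLAN. "switchport mode access" disables DTP, so a connected
! host cannot negotiate a trunk and see every VLAN. Ports that were shut down
! earlier keep their shutdown state; only their VLAN membership changes here.
HAL-SW1(config)# interface range f0/1 - 17
HAL-SW1(config-if-range)# switchport mode access
HAL-SW1(config-if-range)# switchport access vlan 2
HAL-SW1(config-if-range)# exit
! Ports 18-24: WebServers.
HAL-SW1(config)# interface range f0/18 - 24
HAL-SW1(config-if-range)# switchport mode access
HAL-SW1(config-if-range)# switchport access vlan 3
HAL-SW1(config-if-range)# end
! Verify VLAN membership and the operational mode of one of the ports.
HAL-SW1# show vlan brief
HAL-SW1# show interfaces f0/18 switchport
HAL-SW1# copy running-config startup-config
```

In the show interfaces switchport output, "Administrative Mode: static access" and "Operational Mode: static access" confirm that the port will not become a trunk; a port left at the default dynamic mode can be talked into trunking by a device that sends DTP frames.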