Escolar Documentos
Profissional Documentos
Cultura Documentos
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 1
Switch Port Security
Port Security: Violation Modes
The IOS software considers a security violation when either of
these situations occurs:
• The maximum number of secure MAC addresses for that
interface have been added to the CAM, and a station whose
MAC address is not in the address table attempts to access
the interface.
• An address learned or configured on one secure interface is
seen on another secure interface in the same VLAN.
There are three possible actions to be taken when a violation is
detected:
• Protect
• Restrict
• Shutdown
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 2
Switch Port Security
Port Security: Violation Modes
Restrict generate Log,
Protect don’t generate log
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 3
Switch Port Security
Port Security: Configuring
Dynamic Port Security Defaults
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 4
Switch Port Security
Port Security: Configuring (cont.)
Configuring Dynamic Port Security
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 5
Switch Port Security
Port Security: Configuring (cont.)
Configuring Port Security Sticky
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 6
Switch Port Security
Port Security: Verifying
Verifying Port Security Sticky
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 7
Switch Port Security
Port Security: Verifying (cont.)
Verifying Port Security Sticky – Running Configuration
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 8
Switch Port Security
Port Security: Verifying (cont.)
Verifying Port Security Secure MAC Addresses
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 9
Switch Port Security
Ports in Error-Disabled State
A port security violation can put a switch in error-
disabled state.
A port in error-disabled state is effectively shutdown.
The switch communicates these events through
console messages.
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 10
Switch Port Security
Ports In Error Disabled State (cont.)
The show interface command also reveals a switch
port on the error-disabled state.
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 11
Switch Port Security
Ports In Error Disabled State (cont.)
A shutdown (or no shutdown) interface command must be
issued to re-enable the port.
Presentation_ID © 2008 Cisco Systems, Inc. All rights reserved. Cisco Confidential 12