Configuring port security
6.2.5 This page will explain why port security is important and how it is configured on a Catalyst 2950 switch.
Network security is an important responsibility for network administrators. Access layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug in a PC or laptop into one of these outlets. This is a potential entry point to the network by unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this is exceeded. Secure MAC addresses can be configured statically. However, it is a complex task to configure secure MAC addresses statically, and is usually prone to error.
An alternative approach is to set port security on a switch interface. The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.
To reverse port security on an interface use the no form of the command.
The command show port security can be used to verify port security status.
The Lab Activities will show students how to configure port security on a switch.
The next page will discuss some other switch configurations.
6.2.5 This page will explain why port security is important and how it is configured on a Catalyst 2950 switch.
Network security is an important responsibility for network administrators. Access layer switch ports are accessible through the structured cabling at wall outlets. Anyone can plug in a PC or laptop into one of these outlets. This is a potential entry point to the network by unauthorized users. Switches provide a feature called port security. It is possible to limit the number of addresses that can be learned on an interface. The switch can be configured to take an action if this is exceeded. Secure MAC addresses can be configured statically. However, it is a complex task to configure secure MAC addresses statically, and is usually prone to error.
An alternative approach is to set port security on a switch interface. The number of MAC addresses per port can be limited to 1. The first address dynamically learned by the switch becomes the secure address.
To reverse port security on an interface use the no form of the command.
The command show port security can be used to verify port security status.
The Lab Activities will show students how to configure port security on a switch.
The next page will discuss some other switch configurations.
Executing adds, moves, and changes
6.2.6 The importance of following a set procedure when adding a new
switch is emphasized in the first figure. The set procedure is as follows:
- Configure the
switch name
- Determine and
configure the IP address for management purposes
- Configure a
default gateway
- Configure
administrative access for the console, auxiliary, and virtual terminal
(vty) interfaces
- Configure
security for the device
- Configure the
access switch ports as necessary
This page will discuss some items that should be configured before
a switch is added to a network.
The following are parameters that should be configured on a new switch that is added to a network:
The Lab Activities will teach students how to add, move, and change MAC addresses on a switch.
The next page will discuss the backup of switch configuration files.
The following are parameters that should be configured on a new switch that is added to a network:
- Switch name
- IP address for
the switch in the management VLAN
- A default
gateway
- Line passwords
The Lab Activities will teach students how to add, move, and change MAC addresses on a switch.
The next page will discuss the backup of switch configuration files.
No comments:
Post a Comment