First step is to ensure selected port is set to switchport access, to do so we will first enter Global Configuration mode
Next port security must be enable prior to configuring any type of port security This will be the base for all 3 types covered on exam
Next we will configure type of port security desired (Static, dynamic, or sticky)
Well start with Static
Note: MAC address must always be entered in the xxxx.xxxx.xxxx format , You can use ipconfig /all to get MAC address on a windows pc
You can verify config by using the show port-security command
Or you can do a Show port-security interface e0/1 to view detailed port security settings
Next we'll configure Dynamic security
the switchport port-security maximum (n) will dynamically assign the max allowed MAC set to a port in the example we will set it to 2
Next we will configure Sticky security
the will combine both security type into one. in this example we will set max to 5 and sticky add 2 MAC addresses
You can verify by running show port-security, Show port-security interface e0/1, or a show port-security address
Lastly e will configure port-security violation
There three type a violation action protect, shutdown (default), restrict.
First protect
Next there is shutdown
Note: if interface interface enters err-disable you will have to shutdown the interface and the do a no shutdown
Lastly restrict
You can verify port security settings by running show port-security
No comments:
Post a Comment