Often a checkbox is missed and the lock is not working which might result in a major security vulnerability. In this 2-hour guided project, you will secure Cisco Local Area Networks by.
#CISCO SWITCH PORT SECURITY SERIES#
This project is the fifth in the CCNA learning series that is designed to help you acquire the hands-on skills required to pass the CCNA certification exam. Welcome to the CCNA 1.5: Securing Cisco Switches with Port Security.
#CISCO SWITCH PORT SECURITY MANUAL#
This means manual tasks are necessary to re-enable the network interface but this offers much greater security in case of brute-force attacks ( various software might fake MAC addresses).Īfterwards Port Security and MAC filtering is implemented – I highly recommend to check the functionality. Securing Cisco Switches with Port Security. If you select the setting “ Shutdown” the network interface is shut down after the first “ unknown” network device is connected. Action on Violation: Discard ( if you want to drop packages of other hosts) or Shutdown ( if you also want the network interface to be shut down).Interface Status: Lock ( otherwise Port Security isn’t enabled – sounds strange, I know).In this example the dialog is filled like this: Port Security-Einstellungen The reason may be that it requires a more. This configuration is made by editing the appropriate switch port underneath the menu “ Security > Port Security” editiert. One of the most overlooked security areas is the configuration of individual switchport security configuration. After that the the port table column “ Protected Port” should contain the value “ Protected“: Protected PortĪfterwards Port Security needs to be configured for that affected switch ports. The specified device will be assigned an IP address and function normally, but any other device plugged into the same port will not be assigned an IP address, and will not function on the network. It associates a device (PC, printer, etc.) with a port on the switch. During the port configuration the checkbox “ Protected Port” needs to be set to “ Enable“. Enabling port security and MAC sticky ports is an easy way to add some security to your network. This setting can be configured by browsing the menu underneath “ Port Management > Port Settings“. Status: Secure ( make sure to use this!)Īfter all required MAC addresses have been configured on the switch ( it is also possible to configure more than one) switch port “ Protection” needs to be enabled for the appropriate switch port ( IMHO a better description would have been great, Cisco!).Interface: Port GE x ( appropriate network port).In this example the dialog is filled like this: You will find this dialog by browsing the menu underneath the items “ MAC Address Tables > Static Addresses“. Statische MAC-Zuordnungįirst of all static MAC assignments need to be configured for all affected devices/network ports. It is a good idea to connect all devices that need to be able to establish connections to the switch while configuration. In this example one device is configures to access a particular network port – but it is also possible to enable more than one device for accessing ports. Other devices will not be able to access the network – which is a good idea especially for public network sockets.Ĭonfiguring this mechanism is quite easy – if you know the particular steps. The advantage of this is that you are able to define which MAC addresses may establish connections on particular ports. If you own a Cisco SG-200/300 switch you are lucky to configure Port Security and MAC filtering.