Tag - Port Security

Virtual LANs (VLANs)

VLANs logically divide a switch into multiple broadcast domains at Layer 2.

Each VLAN can represent a logical grouping of users by function or department. As users in these VLANs move, we simply need to change the VLAN assigned to their switch port. VLANs also enhance security because users in one VLAN cannot communicate with users in another VLAN without the use of a Layer 3 device providing inter-VLAN routing.

VLAN Configuration

VLANs can be statically assigned to switch access ports or dynamically assigned by using a VMPS. By default, all interfaces are assigned to the management VLAN, VLAN 1.

To configure a VLAN:

  1. Create the VLAN in global configuration:

Switch(config)#vlan 2
Switch(config-vlan)#

  2. The VLAN must be named:

Switch(config-vlan)#name ExamPrep

  3. The desired ports must be added to the new VLAN:

Switch(config)#interface FastEthernet 0/1
Switch(config-if)#switchport access vlan 2


Voice VLANs

Voice VLANs are used to separate VoIP traffic from data on an access port for QoS, manageability, and traffic confinement.

Switch(config-if)#switchport voice vlan 30

Trunks

VLANs can span multiple switches using trunks. Trunks multiplex traffic from all VLANs over a single connection. The VLAN identifier is tagged over the trunk using one of the following tagging methods:

  1. ISL: A Cisco-proprietary trunk that encapsulates the original Ethernet frame with a 26-byte header and a 4-byte CRC.
  2. IEEE 802.1q: Standards-based VLAN tagging that inserts a 4-byte tag in the original Ethernet frame. Traffic originating from the native VLAN (VLAN 1 by default) is not tagged over the trunk. If native VLAN configuration does not match on both sides, this could cause VLAN leakage.
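The 802.1Q behaviour described above, as an added example that is not part of the original notes: a small model of trunk egress and ingress that builds the 4-byte tag and shows how an untagged native-VLAN frame is reclassified when the two sides disagree on the native VLAN. The MAC addresses, payload and VLAN 99 are constructed sample values.

```python
import struct

TPID_8021Q = 0x8100  # EtherType value that marks an 802.1Q tag


def build_frame(dst, src, ethertype, payload, vlan=None, pcp=0):
    """Build an Ethernet II frame; insert the 4-byte 802.1Q tag if vlan is set."""
    header = dst + src
    if vlan is not None:
        tci = (pcp << 13) | (vlan & 0x0FFF)  # PCP (3 bits) | DEI (1 bit) = 0 | VID (12 bits)
        header += struct.pack("!HH", TPID_8021Q, tci)
    return header + struct.pack("!H", ethertype) + payload


def egress(frame_vlan, native_vlan, dst, src, ethertype, payload):
    """Trunk egress: frames belonging to the native VLAN leave untagged."""
    tag = None if frame_vlan == native_vlan else frame_vlan
    return build_frame(dst, src, ethertype, payload, vlan=tag)


def ingress(frame, native_vlan):
    """Trunk ingress: return (vlan, ethertype); untagged frames join the native VLAN."""
    if len(frame) < 14:
        raise ValueError("frame shorter than an Ethernet header")
    (etype,) = struct.unpack_from("!H", frame, 12)
    if etype != TPID_8021Q:
        return native_vlan, etype
    if len(frame) < 18:
        raise ValueError("truncated 802.1Q tag")
    tci, inner = struct.unpack_from("!HH", frame, 14)
    return tci & 0x0FFF, inner


# Constructed sample values
DST = bytes.fromhex("ffffffffffff")
SRC = bytes.fromhex("00d0b74f8218")
PAYLOAD = b"\x00" * 46


def demo():
    untagged = build_frame(DST, SRC, 0x0800, PAYLOAD)
    tagged = egress(2, 1, DST, SRC, 0x0800, PAYLOAD)      # VLAN 2 over a trunk
    native = egress(1, 1, DST, SRC, 0x0800, PAYLOAD)      # VLAN 1 is native on the sender
    return {
        "tag_bytes": len(tagged) - len(untagged),          # size of the inserted tag
        "vlan2_on_peer": ingress(tagged, native_vlan=99)[0],
        "native_match": ingress(native, native_vlan=1)[0],
        "native_mismatch": ingress(native, native_vlan=99)[0],  # lands in the peer's native VLAN
    }


if __name__ == "__main__":
    print(demo())
```

Tagged VLANs are unaffected by the mismatch; only the untagged native-VLAN traffic changes VLAN, which is why both ends of a trunk should be checked for the same native VLAN.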

Trunk Configuration

Switch(config)#interface FastEthernet 0/24
Switch(config-if)#switchport trunk encapsulation [isl|dot1q]
Switch(config-if)#switchport mode trunk

Trunks can be secured by allowing only specific VLANs to traverse to switches that specifically require access to those VLANs. The command to specify the VLANs to be included in the “allowed list of VLANs” is switchport trunk allowed vlan {add | remove | except} vlan_list.

VLAN Trunking Protocol

Cisco created VTP to minimize the amount of VLAN administration in switches by enabling a VTP server to multicast VTP advertisements to other switches in the same VTP domain. Switches receiving these advertisements synchronize their VLAN database with the VLAN information advertised from the server, assuming that the revision number is higher.

 

VTP Modes

Mode          Function
Server        Default VTP mode that enables you to create, modify, and delete VLANs. These VLANs are advertised to other switches and saved in the VLAN database.
Client        Cannot create, modify, or delete VLANs. Forwards advertisements received from the server, but does not save the VLAN configuration in the VLAN database.
Transparent   Creates, modifies, and deletes VLANs only on the local switch. Does not participate in VTP but forwards VTP advertisements received from servers. Also saves the VLAN configuration in the VLAN database.

VTP Configuration

Changing the VTP domain name from NULL to ExamPrep:

Switch(config)#vtp domain ExamPrep

Setting the device VLAN database password to examcram:

Switch(config)#vtp password examcram

Setting the device to VTP TRANSPARENT mode:

Switch(config)#vtp mode transparent

InterVLAN Routing

InterVLAN routing requires a Layer 3 device such as a router or a Layer 3 switch:

  • Router-on-a-stick: The connection between router and switch must be at least Fast Ethernet speeds and must be a trunk. The router interface consists of subinterfaces to assign an IP gateway for each VLAN. The VLAN is associated with a subinterface using the encapsulation command, which must be entered before the IP address is assigned:

Router(config)#interface FastEthernet 0/1.2
Router(config-subif)#encapsulation dot1q 2
Router(config-subif)#ip address 192.168.2.1 255.255.255.0
Router(config)#interface FastEthernet 0/1.3
Router(config-subif)#encapsulation dot1q 3
Router(config-subif)#ip address 192.168.3.1 255.255.255.0

  • Switched virtual interfaces: VLAN interfaces configured in a Layer 3 switch that enable inter-VLAN routing using ASIC technology:

Router(config)#interface Vlan 2
Router(config-if)#ip address 192.168.2.1 255.255.255.0
Router(config)#interface Vlan 3
Router(config-if)#ip address 192.168.3.1 255.255.255.0

 

Port Security

Here’s the configuration that limits the number of MAC addresses that can be dynamically learned on a switch port:

Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation {protect | restrict | shutdown}

If a violation occurs, the default response of a Catalyst switch is to shut down the port. To have the port increase a violation counter and alert an administrator using SNMP, use the restrict keyword. The protect keyword allows only traffic from the secure port and drops packets from other MAC addresses until the number of MAC addresses drops below the maximum.

To secure an interface by statically assigning the permitted MAC address(es) attached to the port, use the switchport port-security mac-address MAC_address command on the interface. Alternatively, you can have the switch learn these addresses up to the maximum by using sticky-learned addresses with the command switchport port-security mac-address sticky.
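One way to check a saved configuration against the port-security and trunk allowed-list guidance above, as an added example that is not part of the original notes. The sample configuration is constructed, and the function names and finding texts are this example's own.

```python
import re

# Constructed sample configuration, not taken from a real device.
SAMPLE = """\
vtp mode transparent
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 2
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation restrict
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 2
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
interface FastEthernet0/24
 switchport trunk encapsulation dot1q
 switchport mode trunk
"""


def interfaces(config):
    """Split configuration text into {interface name: [sub-commands]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface\s+(\S.*)$", line)
        if m:
            current = blocks.setdefault(m.group(1).strip(), [])
        elif line.startswith(" ") and current is not None:
            current.append(" ".join(line.split()))  # normalise whitespace
        else:
            current = None                           # back at global level
    return blocks


def audit(config):
    """Return (interface, finding) pairs for ports that miss the hardening above."""
    findings = []
    for name, cmds in interfaces(config).items():
        if "shutdown" in cmds:
            continue  # administratively down ports carry no traffic
        if "switchport mode access" in cmds:
            if "switchport port-security" not in cmds:
                # Options such as "maximum" do nothing until the bare command enables the feature.
                tuned = any(c.startswith("switchport port-security ") for c in cmds)
                findings.append((name, "port-security options set but feature not enabled"
                                 if tuned else "access port without port-security"))
        elif "switchport mode trunk" in cmds:
            if not any(c.startswith("switchport trunk allowed vlan") for c in cmds):
                findings.append((name, "trunk carries all VLANs (no allowed list)"))
    return findings


if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```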


Port security

Port security is used to secure a port of a layer 3 switch so that the port cannot be accessed except by the computer with the dedicated MAC address; when someone violates that restriction, the switch port is turned off.


  • Switch# conf terminal
  • Switch(config)# int fa 0/1
  • Switch(config-if)# switchport mode access
  • Switch(config-if)# switchport port-security
  • Switch(config-if)# switchport port-security mac-address 00d0.b74f.8218

We can use sticky in place of giving the MAC address, as:

  • Switch(config-if)# switchport port-security mac-address sticky
  • Switch(config-if)# switchport port-security violation shutdown
  • Switch(config-if)# exit
  • Switch(config)# exit

When someone violates that restriction, the switch port is turned off. To turn this port back on:

  • Switch# conf terminal
  • Switch(config)# int fa 0/1        (that port no.)
  • Switch(config-if)# shutdown
  • Switch(config-if)# no shutdown
  • Switch(config-if)# exit
  • Switch(config)# exit

Copyright ©2010 - 2019 Ciscoforall.com