www.netprotocolxpert.in
• By default, all interfaces on a Cisco switch are turned on.
• That means that an attacker could connect to your network through a wall socket and potentially threaten your network.
• If you know which devices will be connected to which ports, you can use the Cisco security feature called port security.
• By using port security, a network administrator can associate specific MAC addresses with the interface, which can prevent an attacker from connecting a device.
• This way you can restrict access to an interface so that only the authorized devices can use it. If an unauthorized device is connected, you can decide what action the switch will take, for example discarding the traffic and shutting down the port.
• To configure port security, three steps are required:
1. Define the interface as an access interface by using the switchport mode access interface subcommand.
2. Enable port security by using the switchport port-security interface subcommand.
3. Define which MAC addresses are allowed to send frames through this interface by using the switchport port-security mac-address MAC_ADDRESS interface subcommand, or use the switchport port-security mac-address sticky interface subcommand to dynamically learn the MAC address of the currently connected host.
• Two steps are optional:
1. Define what action the switch will take when receiving a frame from an unauthorized device by using the switchport port-security violation {protect | restrict | shutdown} interface subcommand. All three options discard the traffic from the unauthorized device. The restrict and shutdown options send a log message when a violation occurs. Shutdown mode also shuts down the port.
2. Define the maximum number of MAC addresses that can be used on the port by using the switchport port-security maximum NUMBER interface subcommand.
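A way to check a switch configuration against the steps above, as an added example that is not part of the original slides: the script reads an IOS-style running-config and reports access ports where port security is not enabled, where the violation mode is protect (no log message), or where the maximum exceeds a local limit. The sample configuration, the max_limit policy value and the function names are constructed for illustration.

```python
# Constructed running-config excerpt for illustration (not from the slides).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security violation protect
!
interface GigabitEthernet0/1
 switchport mode trunk
"""
PS = "switchport port-security"

def parse_interfaces(config):
    """Return {interface name: [subcommands]} from IOS-style config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces

def audit_port_security(config, max_limit=2):  # max_limit: hypothetical policy value
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunk and other non-access ports are out of scope here
        issues = []
        if PS not in cmds:
            # Sticky or static MAC lines have no effect until the feature is enabled.
            issues.append("port security not enabled")
        if PS + " violation protect" in cmds:
            issues.append("protect mode drops frames without logging")
        for c in cmds:
            if c.startswith(PS + " maximum ") and int(c.split()[3]) > max_limit:
                issues.append(f"maximum {c.split()[3]} exceeds limit {max_limit}")
        findings[name] = issues
    return {name: issues for name, issues in findings.items() if issues}
```

FastEthernet0/2 in the sample shows a common mistake: sticky learning is configured, but step 2 was skipped, so the port is not protected.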
• The following example shows the configuration of port security on a Cisco switch:
• First, we need to enable port security and define which MAC addresses are allowed to send frames:
• Next, by using the show port-security interface fa0/1 command, we can see that the switch has learned the MAC address of host A:
• By default, the maximum number of allowed MAC addresses is one, so if we connect another host to the same port, a security violation will occur:
• A status code of "err-disabled" means that a security violation occurred on the port.
• NOTE: to re-enable the port, we need to use the shutdown and no shutdown interface subcommands.
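The violation behaviour described above, modelled as an added example (a simplified simulation, not Cisco code and not from the original slides): one port learns source MAC addresses up to its maximum, then handles an unknown source according to the configured mode. The MAC addresses and the SecurePort and replay names are constructed for illustration.

```python
HOST_A = "0000.1111.aaaa"  # constructed address of the authorized host
HOST_B = "0000.1111.bbbb"  # constructed address of a second, unauthorized host

class SecurePort:
    """Simplified model of one access port with port security enabled."""

    def __init__(self, maximum=1, violation="shutdown"):
        self.maximum = maximum
        self.violation = violation
        self.secure_macs = []   # learned addresses, as with sticky learning
        self.status = "up"
        self.log = []           # log messages sent by restrict and shutdown

    def receive(self, src_mac):
        """Return True if the frame is forwarded, False if it is discarded."""
        if self.status == "err-disabled":
            return False        # a disabled port forwards nothing at all
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.append(src_mac)  # learn until the limit is reached
            return True
        # Unknown source beyond the limit: every mode discards the frame.
        if self.violation in ("restrict", "shutdown"):
            self.log.append(f"security violation by {src_mac}")
        if self.violation == "shutdown":
            self.status = "err-disabled"
        return False

    def bounce(self):
        """Model of shutdown followed by no shutdown on the interface."""
        self.status = "up"

def replay(mode, frames, maximum=1):
    """Feed source MACs to a fresh port; return (results, status, log count)."""
    port = SecurePort(maximum, mode)
    results = [port.receive(mac) for mac in frames]
    return results, port.status, len(port.log)
```

In the model, as on a switch, bouncing the port while the second host is still attached leads straight back to err-disabled, so the unauthorized device has to be removed first.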

Port Security
