Packet Tracer file (PT Version 7.1): https://bit.ly/2HjDQ9x
Get the Packet Tracer course for only $10 by clicking here: https://goo.gl/vikgKN
Get my ICND1 and ICND2 courses for $10 here: https://goo.gl/XR1xm9 (you will get ICND2 as a free bonus when you buy the ICND1 course).
For lots more content, visit http://www.davidbombal.com – learn about GNS3, CCNA, Packet Tracer, Python, Ansible and much, much more.
Understanding How Port Security Works:
You can use port security to block input to an Ethernet, Fast Ethernet, or Gigabit Ethernet port when the MAC address of the station attempting to access the port is different from any of the MAC addresses that are specified for that port. Alternatively, you can use port security to filter traffic that is destined to or received from a specific host that is based on the host MAC address.
Port Security with Dynamically Learned and Static MAC Addresses:
You can use port security with dynamically learned and static MAC addresses to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port. When you assign secure MAC addresses to a secure port, the port does not forward ingress traffic that has source addresses outside the group of defined addresses. If you limit the number of secure MAC addresses to one and assign a single secure MAC address, the device attached to that port has the full bandwidth of the port.
A security violation occurs in either of these situations:
• When the maximum number of secure MAC addresses is reached on a secure port and the source MAC address of the ingress traffic is different from any of the identified secure MAC addresses, port security applies the configured violation mode.
• If traffic with a secure MAC address that is configured or learned on one secure port attempts to access another secure port in the same VLAN, port security applies the configured violation mode.
After you have set the maximum number of secure MAC addresses on a port, port security includes the secure addresses in the address table in one of these ways:
• You can statically configure all secure MAC addresses by using the switchport port-security mac-address mac_address interface configuration command.
• You can allow the port to dynamically configure secure MAC addresses with the MAC addresses of connected devices.
• You can statically configure a number of addresses and allow the rest to be dynamically configured.
If the port has a link-down condition, all dynamically learned addresses are removed.
Following bootup, a reload, or a link-down condition, port security does not populate the address table with dynamically learned MAC addresses until the port receives ingress traffic.
A security violation occurs if the maximum number of secure MAC addresses has been added to the address table and the port receives traffic from a MAC address that is not in the address table.
You can configure the port for one of three violation modes: protect, restrict, or shutdown. See the “Configuring Port Security” section.
To ensure that an attached device has the full bandwidth of the port, set the maximum number of addresses to one and configure the MAC address of the attached device.
Port Security with Sticky MAC Addresses:
Port security with sticky MAC addresses provides many of the same benefits as port security with static MAC addresses, but sticky MAC addresses can be learned dynamically. Port security with sticky MAC addresses retains dynamically learned MAC addresses during a link-down condition.
If you enter a write memory or copy running-config startup-config command, then port security with sticky MAC addresses saves dynamically learned MAC addresses in the startup-config file and the port does not have to learn addresses from ingress traffic after bootup or a restart.
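The following Cisco IOS configuration is an added example, not part of the original description or the Packet Tracer file linked above. It puts the two approaches described in the sections above side by side: one access port with a single statically configured secure MAC address (maximum one, so the attached device keeps the full bandwidth of the port and any other source MAC trips the violation mode) and one access port using sticky learning, whose learned address survives a link-down and, once saved to startup-config, a reload. The interface names, VLAN number and MAC address are assumed for illustration.

```cisco
! Added example (not from the original page). Interface names, VLAN and MAC
! address are assumed for illustration.
configure terminal
!
! Gi0/1: exactly one statically configured secure MAC. With maximum 1, the
! attached device has the full bandwidth of the port; a frame from any other
! source MAC triggers the violation mode (shutdown puts the port in err-disabled).
interface GigabitEthernet0/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.1111.2222
 switchport port-security violation shutdown
!
! Gi0/2: sticky learning. The first source MAC seen on the port is learned
! dynamically, written into the running-config as a sticky entry, and kept
! across a link-down. restrict drops offending frames and counts the violation
! without disabling the port.
interface GigabitEthernet0/2
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
! Optional: recover err-disabled ports automatically (default interval 300 s)
! instead of requiring a manual shutdown / no shutdown on each one.
errdisable recovery cause psecure-violation
end
!
! Verification (privileged EXEC): port status, violation mode and counters,
! then the table of secure addresses with their type (Static, Sticky, Dynamic).
show port-security interface GigabitEthernet0/1
show port-security interface GigabitEthernet0/2
show port-security address
!
! Persist the sticky entry so the port does not have to relearn it after a reload.
copy running-config startup-config
```

Two points worth checking when you apply this: port security is only accepted on a port whose mode is explicitly set (access or trunk), so a port left in the default dynamic DTP mode rejects the switchport port-security command; and after the sticky address has been learned on Gi0/2, show running-config interface GigabitEthernet0/2 shows it as a switchport port-security mac-address sticky <mac> line, which is what the copy running-config startup-config step preserves.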
