welcome the rhesus CO C C and be switched 201 05 example of serious when it was professionally. In this episode, we're gonna focus on port security. We can apply security at the port level by restricting which MAC addresses are allowed to access the port. Ideally, you would enable port security on your access layer switches connected to end devices.
You could choose to either statically configure the MAC addresses that are allowed on the port, or you could configure the port to dynamically learn a secure MAC address. Only the MAC address or MAC addresses which are configured, either statically or dynamically, will be allowed to use this port to gain network access.
To configure port security, from the interface sub-configuration mode you would issue the command switchport port-security. This would enable port security with its default settings. The maximum MAC addresses allowed is gonna be one, and the default violation is gonna be shutdown.
Say, for instance, you plug a device into the port that port security is enabled on, and you quickly unplug it and plug another device into the same port. The port would go into the err-disabled state and it will be shut down. Then you would have to re-enable the port either manually, or you could use the errdisable recovery feature, which we covered in a previous episode.
Optionally, you could set the maximum number of secure MAC addresses with the command switchport port-security maximum, and you'd enter the maximum number of secure MAC addresses you want for this port. Optionally, you could statically set the MAC address with the command switchport port-security mac-address, and you'd enter the MAC address. You can enter multiple static entries.
The MAC address limit is gonna be based on the maximum number of secure MAC addresses on the port. By default, when you turn on port security, it's gonna be one. So if you want multiple MAC addresses on the port, well, then you would have to use this command, switchport port-security maximum.
Optionally, you could set the port to learn the MAC address dynamically with the command switchport port-security mac-address sticky.
For example, if you have a number of MAC addresses which you want to restrict from this particular port, you could use the command switchport port-security mac-address forbidden, and then you would enter the MAC addresses which you want to deny access on this port. Optionally, you could change the violation from the default, being shutdown, to either protect or restrict.
Note, if you choose the protect option, it's gonna silently drop packets and it would not generate any notification, nor would it shut down the port, as opposed to restrict, which is going to generate an alert in addition to dropping the packets. But with restrict and protect, the port would remain up. Only the shutdown violation option would shut the port down.
Note also that the shutdown violation, which is the default, also generates a log message whenever a violation occurs and the port goes into the err-disabled state. So just keep that in mind when you're changing the violation for the ports on your switches. To verify, you'd use the command show port-security. I'm gonna bring up a lab now so we can see how we would set up port security.
In this lab, we'll enable port security on the FastEthernet 0/12 interface
on it like work to its end
connected. That's is quite the food
We'll leave it with the default violation, which is shutdown, so we can see the message that is gonna be generated once a violation occurs.
So over here and then, like work, too.
Currently, the interface is in its default mode. So we'll configure the port as an access port.
Now we will enable port security with the command switchport port-security.
So instead of manually entering the secure MAC address which we want to allow on this port, we can dynamically learn the MAC address with the sticky option. So I'll use the command switchport port-security and the keyword sticky. Now, by default, only one MAC address is going to be allowed. We can quickly verify this by using the command show port-security.
Here we can see the number of ports that have port security enabled. But if we want to see more information, we can tack on the keyword interface and specify the interface. There we go. We can see the maximum MAC addresses allowed is currently one, port security is currently enabled, the port status is secure-up, and the default violation mode is currently shutdown.
Now, what the sticky option did: it learned the MAC address dynamically for us and it recorded it on the interface. Now we want to see a violation occur, so we're gonna shut down the interface. Then we need to clear the MAC address which was learned by sticky.
So I'm gonna use the command clear port-security. I'm gonna specify the sticky option. Now we'll specify the interface. There we go.
So as you can see, the MAC address is no longer listed on the port. Now we'll go into the port and I will configure a fictitious MAC address, which is different from that of the device connected to the FastEthernet 0/12 interface. So I'll use the command switchport port-security, and we'll define a fictitious MAC address, which is not what's connected to this port.
Now we're going to re-enable the port with the no shut command.
It's gonna take a few seconds, but we should get the violation occurring here. So we can see the device is being powered up. There we go.
After the device has sort of booted up, we get a notification message telling us: psecure-violation error detected on the FastEthernet 0/12 interface, and the interface is being placed in the err-disabled state.
A security violation occurred, and it was caused by this particular MAC address, which is the actual device's MAC address. But because we hard-coded a MAC address which is allowed to access this port that differs from the actual device MAC address, the port was placed in the err-disabled state.
Similarly, if we run show port-security and specify the interface, now we can see the port status is secure-shutdown.
You can also run the show interface status command and pipe it to include err.
There we go. We can see the interface listed, and it says err-disabled.
To bring up the interface, we would have to manually shut and no shut the interface. Or we can use the errdisable recovery feature, which we covered in a previous episode. In this case, we'll use the manual method.
Then the interface is gonna come up. But we'll also need to take off the static entry which we entered, because the port is going to go back into the err-disabled state. So we will begin the command with the no keyword in front of the command.
We can see the interface port status is back to secure-up.
So that's how we would set up port security. All right, let's go back to the slides. We have a post-assessment question: which command dynamically creates a MAC entry under the interface?
A: switchport port-security sticky mac
B: switchport port-security mac-address sticky
Or C: switchport port-security hardware sticky
The answer is B: switchport port-security mac-address sticky.
And that is what we worked through with port security. First, we looked at how we would enable port security with its default settings. Next, we saw how to learn the MAC address dynamically with the sticky option. Finally, we saw how to bring an interface out of the err-disabled state. In the next video, we will look at private VLANs. This is Philip Pension. Only one tank, which was in cyber
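
Added example, not part of the video or its lab: a Python script that audits a switch running configuration for the port security settings discussed above, applying the stated defaults (maximum of one, violation shutdown) when no explicit line is present. The sample configuration, its interface names and the audit_port_security function are constructed for illustration.

```python
import re
# Constructed running-config excerpt (not from the video); interfaces are sample values.
SAMPLE_CONFIG = """\
interface FastEthernet0/11
 switchport mode access
!
interface FastEthernet0/12
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/13
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation protect
!
"""

def audit_port_security(config):
    """Parse each interface stanza and return {interface: settings + findings}."""
    report = {}
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t]+.*\n)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        if "switchport mode access" not in lines:
            continue  # port security belongs on access-layer ports
        ps = [l[len("switchport port-security"):].strip()
              for l in lines if l.startswith("switchport port-security")]
        info = {
            "enabled": "" in ps,          # the bare command enables the feature
            "maximum": 1,                 # default when no 'maximum' line is present
            "violation": "shutdown",      # default violation mode
            "sticky": "mac-address sticky" in ps,
            "findings": [],
        }
        for opt in ps:
            if opt.startswith("maximum "):
                info["maximum"] = int(opt.split()[1])
            elif opt.startswith("violation "):
                info["violation"] = opt.split()[1]
        if not info["enabled"]:
            info["findings"].append("port security not enabled")
        elif info["violation"] == "protect":
            info["findings"].append("protect drops silently: no alert on violation")
        report[name] = info
    return report

if __name__ == "__main__":
    print(audit_port_security(SAMPLE_CONFIG))
```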