Tuesday, 4 August 2015

How to configure Windows 7 as a Telnet server







Screenshot: checking the Telnet service state in services.msc (currently Stopped).



1. Enable Telnet Server under Control Panel > Programs and Features > Turn Windows features on or off.
2. Start the Telnet service (service name TlntSvr) in services.msc. It is installed Stopped, so set a startup type (Manual or Automatic) before starting it.
3. Create a user account and password for Telnet access in lusrmgr.msc, and add that account to the local TelnetClients group; the Telnet server checks that group membership before it accepts a login.
4. Connect from cmd with "telnet <hostname or IP>" and log in with that account.

Keep in mind that Telnet sends the username, the password and the whole session in cleartext. Use it only on an isolated lab network, with a dedicated low-privilege account as above, and use SSH anywhere else.


Thursday, 30 July 2015

SOP for resetting the FortiGate admin password





Resetting the FortiGate admin account's password


       







The default administrator account, named admin, initially has no password.

Unlike other administrator accounts, the admin account exists by default and cannot be deleted. It always has full permission to view and change all FortiGate configuration options, including viewing and changing all other administrator accounts. Its name and permissions cannot be changed.



The "maintainer" account is enabled by default.

The special hidden "maintainer" login is used for password recovery. When enabled, the maintainer account can log in from the console after a hard reboot (power off, power on) using the password "bcpb" followed by the FortiGate unit's serial number, e.g. bcpbFG900A83901645649. You have a limited time (15 to 30 seconds) after boot to complete this login.


Changing the admin password this way only changes the admin password in the current configuration; the rest of the configuration file stays exactly as it was before the reboot. FortiGate saves the configuration automatically after every change (automatic save is the default).


How to reset lost admin password in Fortigate


Requirements:

The following equipment was used to test this scenario.

·         FortiGate firewall
·         Console cable
·         PuTTY (putty.exe)


NOTE : This process will require the hard reboot (power off & on) of the FortiGate.


You have a limited time (15 to 30 seconds) after the boot process to complete the login as user "maintainer". If you take too long, you have to hard-reboot the device again.

While the unit is rebooting, copy the serial number from the PuTTY console output and paste it into Notepad. Prepare the username (maintainer) and the password (bcpb + serial number, e.g. bcpbFG900A83901645649) in Notepad ahead of time. Pasting them at the prompt instead of typing them keeps the login from timing out.








Admin password changing procedure, steps 1 to 7



1.         Power off the FortiGate, wait at least 10 seconds, then power it on. (Cycling power too quickly can trip the power supply or corrupt the system.)
2.         Connect your laptop directly to the serial console port and open the session in PuTTY.
3.         Wait until the firewall's hostname and login prompt appear.
4.         The username is maintainer. (Have the username and password ready in Notepad to save time.)
5.         The password is bcpb + serial number (e.g. bcpbFG900A83901645649). Paste it from Notepad rather than typing it, so the login does not time out.
6.         Press Enter to log in. You are now connected to the firewall CLI.
7.         Change the admin password with the commands below, then reboot (optional).



In a unit where virtual domains (VDOMs) are not enabled:

config system admin
    edit admin
        set password <new_password>
end


In a unit where VDOMs are enabled (note the second "end", which leaves the global context):

config global
    config system admin
        edit admin
            set password <new_password>
    end
end


FortiGate saves the configuration automatically after every change, so the new password is persistent without an explicit save.




The admin-maintainer setting enables or disables the special hidden "maintainer" login used for password recovery. It is enabled by default and lives under config system global:

config system global
    set admin-maintainer {enable | disable}
end

Anyone with physical console access and the serial number (printed on the unit's label) can reset the admin password this way, so disable it on units whose console port is not physically protected. With it disabled, a lost admin password can no longer be recovered from the console; the unit would have to be reloaded from firmware and restored from a backup.



To clear the current admin password (not needed for this scenario; for information only). This leaves admin with no password, and you need to know the old password to do it:

config system admin
    edit admin
        unset password <old_password>
end



Thank You.


Cheers! :)
Yan Linn Aung







Monday, 13 July 2015

DHCP Reservation, DHCP Exclusion and Static IP

Detect and avoid IP address conflicts

On the DHCP server, set Conflict detection attempts to a value greater than 0 (the default is 0). The server then pings an address before offering it and skips any address that answers, which fixes duplicate IP address conflicts on a DHCP network caused by hosts that were configured by hand without an exclusion.



DHCP Reservation

The client sends a normal DHCP request and the server assigns it the reserved IP address.
The client's MAC address has to be mapped to the IP address in the DHCP server's reservation list.




DHCP Exclusion

The client uses a static IP address (servers, AD, DNS, ...) and the DHCP server never assigns that address to requesting clients.
Single IP addresses or ranges of addresses are listed in the DHCP server's exclusion list.



Many applications require a static IP. If the server is configured to use DHCP, the application has no way of knowing that a reservation exists and may refuse to install. Some applications also tie their licence to an IP address and therefore need a static address as well.

Laptops, phones and other "mobile" devices should get reservations rather than static addresses. Nothing has to be set up on the device, and the server keeps that address for it.

For network devices such as IP cameras and printers, reservations are definitely the way to go, because you can add a comment to the reservation saying what the device is and where it is located. Depending on the device, this may be your only way of documenting that information within the system.

HOW TO: DHCP Reservation
In this scenario the IP address is already in use by a DHCP client, and we convert that lease into a reservation.
A reservation needs the client's MAC address, which is mapped to the IP address.
Step 1:   Unique ID = the client's MAC address

Step 2:   Check the lease after the reservation is created

Step 3:   Add a description for management purposes

HOW TO: DHCP Exclusion
An excluded IP address or range is never assigned automatically to a DHCP client.
When a client is configured manually with a static IP, the DHCP server does not show that address under Address Leases.
Step 1:   Exclude the IP address (for a single address, enter it as the Start IP only)

Step 2:   The excluded address appears under Address Pool

Step 3:   The DHCP server does not show the excluded address under Address Leases

Step 4:   Ping the excluded address to test connectivity
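To make the three mechanisms concrete, here is a small Python model of a DHCP scope with an exclusion range, a reservation and conflict detection. It is an added example written for this post, not code from the Windows DHCP server. The scope 192.168.1.10-20, the MAC addresses, and the "static host at .13" that answers pings are all constructed for the demo. It shows why the conflict detection setting matters: with 0 attempts the server hands a laptop the address of a host somebody configured by hand without adding an exclusion, and with attempts > 0 that address is skipped.

```python
import ipaddress
from typing import Callable, Dict, Optional, Set


class DhcpScope:
    """One IPv4 scope: an address pool, an exclusion list, a reservation list,
    the leases handed out so far, and an optional conflict-detection probe."""

    def __init__(self, start: str, end: str,
                 conflict_probe: Callable[[str], bool] = lambda ip: False,
                 conflict_attempts: int = 0) -> None:
        self.start = int(ipaddress.IPv4Address(start))
        self.end = int(ipaddress.IPv4Address(end))
        self.excluded: Set[int] = set()
        self.reservations: Dict[str, str] = {}   # MAC -> reserved IP
        self.descriptions: Dict[str, str] = {}   # reserved IP -> comment (what / where)
        self.leases: Dict[str, str] = {}         # IP -> MAC
        self.conflict_probe = conflict_probe     # stands in for the server's ICMP ping
        self.conflict_attempts = conflict_attempts  # 0 = conflict detection off (the default)

    def exclude(self, start: str, end: Optional[str] = None) -> None:
        """Exclusion: addresses the server must never offer (static hosts)."""
        lo = int(ipaddress.IPv4Address(start))
        hi = int(ipaddress.IPv4Address(end or start))   # single IP: start only
        self.excluded.update(range(lo, hi + 1))

    def reserve(self, mac: str, ip: str, description: str = "") -> None:
        """Reservation: this MAC always receives this IP through normal DHCP."""
        if int(ipaddress.IPv4Address(ip)) in self.excluded:
            raise ValueError(f"{ip} is excluded; an excluded address cannot be reserved")
        self.reservations[mac.lower()] = ip
        self.descriptions[ip] = description

    def _in_conflict(self, ip: str) -> bool:
        """Conflict detection: probe the address up to N times before offering it."""
        return any(self.conflict_probe(ip) for _ in range(self.conflict_attempts))

    def offer(self, mac: str) -> Optional[str]:
        """Address the server offers to a DHCPDISCOVER from this MAC, or None."""
        mac = mac.lower()
        if mac in self.reservations:             # a reservation wins, no pool search
            ip = self.reservations[mac]
            self.leases[ip] = mac
            return ip
        reserved = set(self.reservations.values())
        for n in range(self.start, self.end + 1):
            ip = str(ipaddress.IPv4Address(n))
            if n in self.excluded or ip in reserved or ip in self.leases:
                continue
            if self._in_conflict(ip):            # somebody answered the ping: skip it
                continue
            self.leases[ip] = mac
            return ip
        return None                              # pool exhausted


def demo(conflict_attempts: int) -> Dict[str, Optional[str]]:
    """Constructed lab scenario, not data from a real server."""
    # A host that someone configured statically by hand without adding an exclusion.
    static_hosts = {"192.168.1.13"}
    scope = DhcpScope("192.168.1.10", "192.168.1.20",
                      conflict_probe=lambda ip: ip in static_hosts,
                      conflict_attempts=conflict_attempts)
    scope.exclude("192.168.1.10", "192.168.1.12")   # AD, DNS and file server: static
    scope.reserve("00:11:22:33:44:55", "192.168.1.15", "printer, 2nd floor")
    return {
        "laptop": scope.offer("AA:BB:CC:00:00:01"),
        "printer": scope.offer("00:11:22:33:44:55"),
        "phone": scope.offer("AA:BB:CC:00:00:02"),
    }


if __name__ == "__main__":
    print("conflict detection off:", demo(0))   # laptop gets 192.168.1.13: duplicate IP
    print("conflict detection on: ", demo(2))   # .13 is skipped, laptop gets 192.168.1.14
```

Conflict detection is only a safety net: it catches a host that is switched on and answering pings at the moment the address is offered, so the static servers still belong in the exclusion list.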




Saturday, 24 May 2014

Multi-Layer Switching (MLS) & EIGRP LAB

"MLS and EIGRP LAB"
Multi-Layer Switching (MLS) & Enhanced Interior Gateway Routing Protocol (EIGRP)
------------------------------------------------------

Configure the Multilayer Switch so that PCs from VLAN  2 and VLAN 3 can communicate with the Server.
 


Command explanation
"Layer 3 Switch"
conf t
int gi0/1
no switchport    # by default a switchport works at layer 2 only
ip address 10.10.10.2 255.255.255.0  # an IP address can only be assigned once "no switchport" is set
no shutdown
exit

## VLAN creation and IP assignment (SVIs)
int vlan 2
ip address 190.200.250.33 255.255.255.224
no shutdown
exit
int vlan 3
ip address 190.200.250.65 255.255.255.224
no shutdown
exit

## Assign the access ports to their VLANs
int fa0/10
switchport mode access
switchport access vlan 2
no shutdown
exit
int fa0/11
switchport mode access
switchport access vlan 3
no shutdown
exit

ip routing    # enable layer 3 routing on the switch

## EIGRP: create the process and advertise the connected networks
router eigrp 650
network 10.10.10.0 0.0.0.255
network 190.200.250.32 0.0.0.31
network 190.200.250.64 0.0.0.31
no auto-summary   # with auto-summary, 190.200.250.x would be advertised at its classful (class B)
                  # boundary and the /27 subnet masks would be lost; with no auto-summary the
                  # /27 subnets are advertised exactly as configured
end
copy running-config startup-config

" Router "
conf t
int gi0/0
ip address 10.10.10.1 255.255.255.0
no shutdown
exit
int gi0/1
ip address 172.18.1.1 255.255.255.252
no shutdown
exit

router eigrp 650
network 10.10.10.0 0.0.0.255
network 172.18.1.0 0.0.0.3
no auto-summary
end
copy running-config startup-config

Assign an IP address, subnet mask and default gateway on the server and on the PCs.

----------------------------------  END  --------------------------------------

Study more -- link...
http://www.certprepare.com/mls-and-eigrp-sim#more-50

Have a nice day! Thanks!

Best Regards,
Yan Linn Aung

Saturday, 3 May 2014

syslog (system logging) Network Monitoring

syslog (System Logging) 

syslog is a standard for message logging used in network monitoring and management. It lets a network-attached device report and log error and notification messages either locally or to a remote server.

syslog is one of the building blocks of network monitoring; it is used to learn the state of the devices attached to the network. It uses UDP port 514, and the logs can also be collected on a remote syslog server. Plain UDP syslog is neither authenticated nor encrypted, so the collector should sit on a management network (or use syslog over TLS where the device supports it).

The syslog message we are all familiar with is:
%SYS-5-CONFIG_I: Configured from console by console
This message appears every time you configure something on a switch or router. What each field means is explained in detail further down.

The next messages you see after logging into a switch or router are interface status messages:
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up

Syslog messages can be sent to the device console, to VTY sessions, to the system buffer, and to a syslog server.

A syslog message has two main parts: the facility and the severity level.

Severity Level 0 to 7  


The list of severity Levels:    Highest to Lowest

0       Emergency: system is unusable
1       Alert: action must be taken immediately
2       Critical: critical conditions
3       Error: error conditions
4       Warning: warning conditions
5       Notice: normal but significant condition
6       Informational: informational messages
7       Debug: debug-level messages

Recommended practice is to use the Notice or Informational level for normal messages.

Common facilities:

* SYS (operating system)
* IP
* Interface (IF)
* Route Switch Processor (RSP)
* OSPF
* IP Security (IPsec)

For the full list of severity and facility levels see http://en.wikipedia.org/wiki/Syslog

::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::

Let's look at the syslog message in detail.

The syslog message format is:
%FACILITY-SUBFACILITY-SEVERITY-MNEMONIC: message text

%SYS-5-CONFIG_I: Configured from console by console

Reading left to right: SYS is the facility, 5 is the severity (Notice), the mnemonic (CONFIG_I) is a short code naming the event that occurred, and after the colon comes the message text.


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
Configuration for syslog

R1#conf t
R1(config)#logging 10.10.10.1                # send messages to the syslog server at 10.10.10.1
R1(config)#service timestamps debug datetime msec
R1(config)#service timestamps log datetime msec
R1(config)#logging facility local3
R1(config)#logging trap warning              # forward severity 0 to 4 only
R1(config)#end
R1#show logging

logging trap informational     # forward severity 0 to 6
logging trap debugging         # forward everything, 0 to 7. Use the debug level with caution, because it
                               # can generate a large amount of syslog traffic in a busy network.
Note
When a level is specified in the logging trap level command, the router is configured to send messages with that severity and all more severe (numerically lower) levels as well. For example, the logging trap warning command configures the router to send all messages with severity warning, error, critical, alert and emergency. Similarly, the logging trap debugging command causes the router to send all messages to the syslog server. Exercise caution when enabling the debug level: because the debug process is assigned a high CPU priority, using it in a busy network can cause the router to crash.

logging facility local4     # IOS: facility keyword; local0 to local7 correspond to facility codes 16 to 23
logging facility 22         # ASA: the same setting takes the numeric code (22 = local6)

logging 10.10.10.1          # IOS: send logs to the remote server 10.10.10.1

logging host inside 10.10.1.1        # ASA: send logs to 10.10.1.1 via the inside interface
logging source-interface Loopback0   # IOS: source the syslog packets from the Loopback0 address

logging timestamp           # ASA: include timestamps in syslog messages (IOS uses service timestamps, below)


Router(config)# service timestamps {debug | log} datetime [msec] [localtime] [show-timezone]
SW-B(config)#service timestamps debug datetime msec

SW-B(config)#service timestamps log datetime msec

Router, switch and firewall syslog configuration differ from each other. For a more detailed configuration guide see
http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3
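The following Python script is an added example for this post (not from the references above, and not Cisco code) that ties the message format, the severity numbers and the logging trap / logging facility settings together. It parses lines in the %FACILITY-SEVERITY-MNEMONIC format, reproduces which messages a device configured with "logging trap warning" would actually forward, and computes the PRI value a collector sees on the wire for a given facility. The sample lines are constructed in the page's format (the first three are the page's own examples), and matching "logging trap" keywords on their first five letters is a simplification of how IOS abbreviates keywords.

```python
import re
from typing import Any, Dict, List, Optional, Union

# Cisco severity levels, 0 (most severe) to 7, with the IOS "logging trap" keywords.
SEVERITY = {0: "emergencies", 1: "alerts", 2: "critical", 3: "errors",
            4: "warnings", 5: "notifications", 6: "informational", 7: "debugging"}
# Syslog facility codes: local0..local7 are 16..23, so "logging facility 22" means local6.
FACILITY_CODES = {f"local{i}": 16 + i for i in range(8)}

# %FACILITY[-SUBFACILITY]-SEVERITY-MNEMONIC: message text
MSG_RE = re.compile(
    r"%(?P<facility>[A-Z0-9_]+)(?:-(?P<subfacility>[A-Z0-9_]+))?"
    r"-(?P<severity>[0-7])-(?P<mnemonic>[A-Z0-9_]+):\s*(?P<text>.*)$")


def parse(line: str) -> Optional[Dict[str, Any]]:
    """Split one IOS syslog line into its fields; None if it is not in that format.
    Anything before the '%' (sequence number, timestamp) is ignored."""
    m = MSG_RE.search(line)
    if not m:
        return None
    sev = int(m.group("severity"))
    return {"facility": m.group("facility"), "subfacility": m.group("subfacility"),
            "severity": sev, "severity_name": SEVERITY[sev],
            "mnemonic": m.group("mnemonic"), "text": m.group("text")}


def trap_level(level: Union[int, str]) -> int:
    """Resolve a 'logging trap' argument: a number or a (possibly abbreviated) keyword."""
    if isinstance(level, int):
        return level
    key = level.lower()[:5]          # "warning"/"warnings", "emergency"/"emergencies" all resolve
    for num, name in SEVERITY.items():
        if name.startswith(key):
            return num
    raise ValueError(f"unknown severity keyword {level!r}")


def forwarded(lines: List[str], trap: Union[int, str] = "informational") -> List[Dict[str, Any]]:
    """Messages a device with 'logging trap <trap>' would send to the syslog server:
    everything at that severity number or lower, i.e. equally or more severe."""
    limit = trap_level(trap)
    parsed = (parse(line) for line in lines)
    return [msg for msg in parsed if msg is not None and msg["severity"] <= limit]


def pri(facility: Union[int, str], severity: int) -> int:
    """PRI value in the packet on the wire (RFC 3164): facility code * 8 + severity."""
    code = facility if isinstance(facility, int) else FACILITY_CODES[facility.lower()]
    return code * 8 + severity


# Constructed sample lines in the page's format (the first three are the page's own examples).
SAMPLE = [
    "%SYS-5-CONFIG_I: Configured from console by console",
    "%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up",
    "%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up",
    "*Mar  1 00:05:12.345: %LINK-3-UPDOWN: Interface FastEthernet0/2, changed state to down",
    "%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address "
    "0011.2233.4455 on port FastEthernet0/4.",
    "%SYS-6-LOGGINGHOST_STARTSTOP: Logging to host 10.10.10.1 port 514 started - CLI initiated",
]

if __name__ == "__main__":
    # What "logging facility local3" + "logging trap warning" lets through, with the PRI of each.
    for msg in forwarded(SAMPLE, "warning"):
        print(msg["severity"], msg["facility"], msg["mnemonic"], "PRI", pri("local3", msg["severity"]))
```

With "logging trap warning" only the link-down (severity 3) and port-security violation (severity 2) lines reach the server; the three severity-5 notices and the severity-6 informational line stay in the local buffer. The PRI arithmetic is the same one a collector such as rsyslog uses to split the facility back out, so "logging facility local3" with a severity-5 message arrives as PRI 157.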

:::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::


::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::::
A detailed explanation of the severity Levels:

DEBUG:
Info useful to developers for debugging the app, not useful during operations

INFORMATIONAL:
Normal operational messages - may be harvested for reporting, measuring throughput, etc - no action required

NOTICE:
Events that are unusual but not error conditions - might be summarized in an email to developers or admins to spot potential problems - no immediate action required

WARNING:
Warning messages - not an error, but indication that an error will occur if action is not taken, e.g. file system 85% full - each item must be resolved within a given time

ERROR:
Non-urgent failures - these should be relayed to developers or admins; each item must be resolved within a given time

ALERT:
Should be corrected immediately - notify staff who can fix the problem - example is loss of backup ISP connection

CRITICAL:
Should be corrected immediately, but indicates failure in a primary system - fix CRITICAL problems before ALERT - example is loss of primary ISP connection

EMERGENCY:

A "panic" condition - notify all tech staff on call? (earthquake? tornado?) - affects multiple apps/servers/sites...

##################### END ######################

More detail >>> Refer from >>>

http://en.wikipedia.org/wiki/Syslog

http://www.ciscopress.com/articles/article.asp?p=426638&seqNum=3

Thank You!

Friday, 2 May 2014

About switchport port-security

What is port-security?

Port security monitors a switch port and permits only designated hosts to connect to the network, identified by the client's MAC address.

You use port-security when only specific PCs or hosts should be allowed on the network. They are identified by the PC or client's MAC address; when a computer or device other than the allowed one is plugged into the port, it is kept from joining or using the network.
There are three violation modes:

1. Protect: discards traffic from unknown MAC addresses but keeps the port up and sends no SNMP trap. The Security Violation counter is not incremented and nothing is logged.
2. Restrict: discards the traffic but keeps the port up and sends an SNMP trap. Each violation increments the Security Violation counter and generates a trap and a syslog message.
3. Shutdown: discards the traffic, disables the port and sends an SNMP trap. The interface goes into the error-disabled state when a violation occurs, and only comes back after the administrator does shut / no shut on it (or errdisable recovery re-enables it). Shutdown is the default violation mode.
In protect and restrict mode the originally allowed device works again as soon as it is reconnected; in shutdown mode nothing on that port works until it is re-enabled.

Configuration Example:
Switch(config)# interface gig0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)#end
:::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::
clear port-security dynamic [address <mac> | interface <interface>]   # drop learned (non-sticky) secure addresses
errdisable recovery cause security-violation                          # re-enable err-disabled ports automatically after the recovery interval
:::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::
To verify the port-security status use "show port-security":
sh port-security
sh port-security address
sh port-security interface f0/1
show mac address-table
show interfaces status err-disabled
show errdisable detect
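To see how the three violation modes differ in practice, here is a simplified Python model of one access port with "maximum 1" and sticky learning. It is an added example written for this post, not Cisco code, and the port name and MAC addresses are made up. Run demo("protect"), demo("restrict") and demo("shutdown") and compare: in protect and restrict the original host keeps working after a rogue host is plugged in, while in shutdown the port is err-disabled for everyone until it is bounced.

```python
from dataclasses import dataclass, field
from typing import Any, Dict, List, Set


@dataclass
class SecurePort:
    """Model of one access port with switchport port-security (simplified)."""
    name: str
    maximum: int = 1                  # switchport port-security maximum
    violation: str = "shutdown"       # protect | restrict | shutdown (the default)
    secure_macs: Set[str] = field(default_factory=set)        # sticky-learned addresses
    violations: int = 0               # SecurityViolation (Count) in "show port-security"
    err_disabled: bool = False
    notifications: List[str] = field(default_factory=list)   # SNMP trap / syslog records

    def receive(self, src_mac: str) -> bool:
        """A frame from src_mac arrives: True if it is forwarded, False if dropped."""
        src_mac = src_mac.lower()
        if self.err_disabled:
            return False              # port is down for everybody until shut / no shut
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)   # sticky: learn it as a secure address
            return True
        # Unknown source on a port that already holds its maximum: a security violation.
        if self.violation == "protect":
            return False              # silently dropped: no counter, no trap, no log
        self.violations += 1
        self.notifications.append(
            f"%PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, "
            f"caused by MAC address {src_mac} on port {self.name}.")
        if self.violation == "shutdown":
            self.err_disabled = True  # err-disabled: the whole port goes down
        return False

    def shut_no_shut(self) -> None:
        """Administrator does shut / no shut (or errdisable recovery fires).
        Sticky addresses survive this; only the err-disabled state is cleared."""
        self.err_disabled = False


def demo(mode: str) -> Dict[str, Any]:
    """Constructed scenario: one allowed host, then a rogue host on the same port."""
    port = SecurePort("FastEthernet0/4", maximum=1, violation=mode)
    allowed, rogue = "0011.2233.4455", "dead.beef.cafe"     # made-up addresses
    result: Dict[str, Any] = {
        "allowed_learned": port.receive(allowed),          # first host: learned and forwarded
        "rogue_forwarded": port.receive(rogue),            # second host: violation
        "allowed_after_violation": port.receive(allowed),  # does the original host still work?
        "violations": port.violations,
        "err_disabled": port.err_disabled,
        "notifications": len(port.notifications),
    }
    port.shut_no_shut()
    result["allowed_after_recovery"] = port.receive(allowed)
    return result


if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, demo(mode))
```

The practical difference is visibility: protect gives you no counter and no trap, so a rogue device on that port is invisible unless you are watching the MAC table; restrict and shutdown both raise the counter and a %PORT_SECURITY-2-PSECURE_VIOLATION message you can alert on. Shutdown is the safest default, at the cost of an administrator (or errdisable recovery) having to bounce the port.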




Refer:  for more detail >>

Thursday, 1 May 2014

switchport port-security

About port-security.

To enable / configure port-security on Switch interface

1. The switch port must be in access mode. Port security cannot be configured on an interface in dynamic desirable (or dynamic auto) mode; the switch rejects the command.
2. By default, the switchport security feature is disabled on all switchports and must be enabled.

----------------------------------------------------------

>>>   Step 1. checking interface fa0/4 admin mode status

SW#sh interfaces fa0/4 switchport
Name: Fa0/4
Switchport: Enabled
Administrative Mode: dynamic auto
Operational Mode: static access
Administrative Trunking Encapsulation: dot1q

Operational Trunking Encapsulation: native

>>>  Step 2. configuring port security in interface fa0/4

SW(config)#int fa0/4
SW(config-if)#switchport port-security 
Command rejected: FastEthernet0/4 is a dynamic port.

>>>  Step 3. configuring  interface fa0/4 as access port

SW(config)#int fa0/4
SW(config-if)#switchport mode access
SW(config-if)#switchport port-security 
SW(config-if)#end

SW#show port-security interface fastEthernet 0/4
Port Security                 : Enabled
Port Status                    : Secure-up
Violation Mode             : Shutdown

SW#show port-security 
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
               (Count)       (Count)        (Count)
--------------------------------------------------------------------
        Fa0/4        1          0                 0         Shutdown
----------------------------------------------------------------------

######################  END  #########################

reference from / Further Studies...