Friday, 2 May 2014

About switchport port-security

What is port-security?

Port-security monitors a switch port interface so that only permitted hosts can connect to the network.
It does this by using the client's MAC address.

Port-security is used when you want only a designated PC or host to be able to use the network. The allowed device is defined by the MAC address of the PC or client. When a computer or device other than the allowed PC is plugged in, it is denied access to and use of the network.
There are three violation modes:

1. Protect: discards the traffic but keeps the port up and does not send an SNMP message. The Security Violation counter is not used: no count, no log.
2. Restrict: discards the traffic but keeps the port up and sends an SNMP message. A port security violation restricts data, causes the Security Violation counter to increment and sends an SNMP trap notification. A syslog message is also logged.
3. Shutdown: discards the traffic, disables the port and sends an SNMP message. The interface is error-disabled when a security violation occurs. The port can be used again only after the administrator issues shut / no shut on the switch port. Shutdown mode is the default port-security mode.
In Protect and Restrict modes, the port can be used again when the originally allowed device is plugged back in.

Configuration Example:
Switch(config)# interface gig0/2
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# end
:::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::
Switch# clear port-security dynamic [address <mac> | interface <interface>]
Switch(config)# errdisable recovery cause psecure-violation
:::::::::::::::::::::::::::::::::::::::::::::::: ::::::::::::::::::::::::::::::::::::::::::::::::
To verify the port-security status, use "show port-security" and the related commands:
show port-security
show port-security address
show port-security interface f0/1
show mac address-table
show interfaces status err-disabled
show errdisable detect
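
An added example (not from the original post): a short Python audit that reads a running-config and reports access ports where port-security is not enabled or where the violation mode hides violations, applying the defaults described above. The sample config is constructed, and treating a maximum above 1 as a finding is an assumption about site policy.

```python
import re
# Constructed sample of "show running-config" output; not from the original post.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 5
 switchport port-security violation protect
!
interface GigabitEthernet0/4
 switchport mode access
 switchport port-security violation restrict
!
"""

def audit_port_security(config):
    """Return {interface: [findings]} for every access port in the config."""
    report = {}
    # A stanza is the "interface" line plus the indented lines that follow it.
    for name, body in re.findall(r"^interface (\S+)\n((?:[ \t].*\n)*)", config, re.M):
        lines = [l.strip() for l in body.splitlines()]
        if "switchport mode access" not in lines:
            continue
        findings = []
        # Only the bare command enables the feature; sub-options alone do nothing.
        if "switchport port-security" not in lines:
            findings.append("port-security not enabled")
        else:
            # IOS omits defaults from the config: violation shutdown, maximum 1.
            mode = next((l.split()[-1] for l in lines if " violation " in l), "shutdown")
            maximum = int(next((l.split()[-1] for l in lines if " maximum " in l), 1))
            if mode == "protect":
                findings.append("violation protect: drops are not counted or logged")
            if maximum > 1:
                findings.append(f"maximum {maximum}: more than one MAC address allowed")
        report[name] = findings
    return report

if __name__ == "__main__":
    for port, findings in audit_port_security(SAMPLE_CONFIG).items():
        print(port, "OK" if not findings else "; ".join(findings))
```

GigabitEthernet0/4 is reported as not enabled even though it carries a violation setting, because the bare "switchport port-security" line is missing.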



