
Port Security

You are the network administrator at Ranet and would like to enable Port-Security on the access ports of Ranet-SW. The goal is to prevent anyone from attaching another switch that would let multiple hosts connect through the same port at the same time, and to prevent unauthorized hosts from connecting through any port.
What you have to do (configure via the console):
1. Enable Port-Security on all access ports (except Gig1/1, Gig1/2), allow only 1 MAC address per port, and set the violation action to shut down the port.
2. Port Fa0/1 currently has an authorized host (Host1) connected. Set the allowed MAC address on this port using the “SecureSticky” method.
3. Port Fa0/3 currently has an unauthorized host (Rogue3) connected. Set the allowed MAC address to 0030.F295.15C6.
If everything is correct, ports Fa0/2 and Fa0/3 will change status to down (err-disabled) when unauthorized hosts attempt to connect, and Host1 will not be able to reach the unauthorized hosts (192.168.0.58 – 192.168.0.60).
———————- End —————————–
Solution:
Ranet-SW config :
(copy & paste to Ranet-SW )
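enable
configure terminal
! All access ports: one MAC address per port, err-disable the port on violation
interface range fa0/1 - 24
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
! Fa0/1: learn Host1's MAC address and keep it as a sticky secure address
interface fa0/1
 switchport port-security mac-address sticky
! Fa0/3: statically allow only this MAC address
interface fa0/3
 switchport port-security mac-address 0030.F295.15C6
end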
Ranet-SW#copy run start 
Destination filename [startup-config]?
Building configuration… 
[OK] 
Ranet-SW#
Host1 :
Command Prompt
Packet Tracer PC Command Line 1.0 
PC>ping 192.168.0.60
Pinging 192.168.0.60 with 32 bytes of data:
Reply from 192.168.0.60: bytes=32 time=44ms TTL=128 
Reply from 192.168.0.60: bytes=32 time=4ms TTL=128 
Reply from 192.168.0.60: bytes=32 time=5ms TTL=128 
Reply from 192.168.0.60: bytes=32 time=4ms TTL=128

Ping statistics for 192.168.0.60: 
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds: 
Minimum = 4ms, Maximum = 44ms, Average = 14ms

PC>ping 192.168.0.59
Pinging 192.168.0.59 with 32 bytes of data:
Request timed out. 
Request timed out. 
Request timed out. 
Request timed out.

Ping statistics for 192.168.0.59: 
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>ping 192.168.0.58
Pinging 192.168.0.58 with 32 bytes of data:
Request timed out. 
Request timed out. 
Request timed out. 
Request timed out.

Ping statistics for 192.168.0.58: 
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

PC>
Ranet-SW
Ranet-SW#sh port-security address 
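Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports
        -----------       ----                -----
        0030.F214.8793    SecureSticky        FastEthernet0/1    -
        0030.F295.15C6    SecureConfigured    FastEthernet0/3    -
-------------------------------------------------------------------------------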
Total Addresses in System (excluding one mac per port) : 0 
Max Addresses limit in System (excluding one mac per port) : 1024
Ranet-SW#sh int fa0/2
FastEthernet0/2 is down, line protocol is down (err-disabled)
Ranet-SW#sh int fa0/3
FastEthernet0/3 is down, line protocol is down (err-disabled)
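As an added example (not part of the original lab or of Packet Tracer), the Python script below audits a running-config excerpt against the settings required in step 1. The config text is constructed, and audit(), POLICY and EXEMPT are names chosen for this example; it relies on IOS leaving default values (maximum 1, violation shutdown) out of the running-config.

```python
import re

# Lab policy; these values are also the IOS defaults, which the running-config omits.
POLICY = {"maximum": "1", "violation": "shutdown"}
EXEMPT = {"GigabitEthernet1/1", "GigabitEthernet1/2"}  # uplinks excluded by the task

# Constructed running-config excerpt, not captured from Ranet-SW.
SAMPLE = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address 0030.F295.15C6
!
interface FastEthernet0/4
 switchport port-security maximum 5
!
interface FastEthernet0/5
 switchport port-security
 switchport port-security violation restrict
!
interface GigabitEthernet1/1
 switchport mode trunk
"""

def audit(config):
    """Return {interface: [findings]} for non-exempt ports that miss the policy."""
    findings = {}
    for block in re.split(r"^(?=interface )", config, flags=re.M):
        lines = [l.strip() for l in block.splitlines()]
        name = lines[0].split(None, 1)[-1] if lines else ""
        if not block.startswith("interface ") or name in EXEMPT:
            continue
        problems = []
        if "switchport port-security" not in lines:  # parameters alone do not enable it
            problems.append("port-security not enabled")
        settings = dict(POLICY)  # start from the defaults, then apply explicit lines
        for line in lines:
            m = re.fullmatch(r"switchport port-security (maximum|violation) (\w+)", line)
            if m:
                settings[m.group(1)] = m.group(2)
        problems += [f"{k} is {settings[k]}, expected {v}" for k, v in POLICY.items() if settings[k] != v]
        if problems:
            findings[name] = problems
    return findings

print(audit(SAMPLE))
```

Fa0/4 is flagged twice: a maximum was configured, but without the bare "switchport port-security" line the feature is not active on that port.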
———————– The End ———————