Port security is a feature in network switches that limits the number of devices that can connect to a switch port. The purpose of port security is to prevent unauthorized access to the network by limiting the number of MAC addresses that can be learned on a switch port. When port security is enabled, the switch monitors the MAC addresses of the devices that are connected to each port, and limits the number of MAC addresses that can be learned. Port security allows port-channel control packets to pass without causing security violations.

Dynamic and sticky address learning are mutually exclusive. When you enable sticky learning on an interface, the device stops dynamic learning and performs sticky learning instead.

There are several configuration options for port security, including:

Maximum number of MAC addresses: This sets the maximum number of MAC addresses that can be learned on a switch port. When the maximum is reached, the switch will block any additional MAC addresses from being learned.

MAC address aging: This determines how long a learned MAC address will be stored in the switch's MAC address table before it is removed.

MAC address sticky: This feature allows the switch to automatically learn and store the MAC addresses of devices that are connected to a port, and then configure the port to only allow those specific MAC addresses to connect in the future. When you use sticky MAC addresses, you'll want to make sure that the MAC addresses are cleared off of a switch when a device is moved. The command clear port-security sticky interface fa0/1 clears the learned sticky MAC addresses; this must be done prior to a shut/no shut to re-enable a port disabled due to port security.

Violation actions: When a violation occurs (i.e. an unauthorized MAC address is detected on a port), the switch can be configured to take various actions, such as shutting down the port, sending an alert to an administrator, or limiting traffic on the port.

Port security is a useful feature for improving network security, but it should be used in conjunction with other security measures, such as authentication and encryption.
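An added example, not part of the original article: a small Python audit of IOS-style configuration text for the options listed above (maximum, sticky learning, violation action), which also flags a sticky MAC address left behind on an old port after a device was moved. The sample configuration is constructed, the function names are hypothetical, and the defaults assumed for unset options (maximum 1, violation mode shutdown) are Cisco IOS defaults that the article does not state.

```python
# Added example: audit constructed IOS-style config text for port-security settings.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
 switchport port-security violation restrict
interface FastEthernet0/2
 switchport port-security maximum 3
interface FastEthernet0/3
 switchport port-security
 switchport port-security mac-address sticky 0011.2233.4455
"""

def parse_port_security(config):
    """Return {interface: settings}; unset options keep the assumed IOS defaults."""
    ports, cur = {}, None
    for line in config.splitlines():
        words = line.split()
        if not line.startswith(" "):          # a top-level line ends the stanza
            cur = None
            if words[:1] == ["interface"] and len(words) > 1:
                cur = ports.setdefault(words[1], {"enabled": False, "maximum": 1,
                      "violation": "shutdown", "sticky": False, "sticky_macs": []})
        elif cur is not None and words[:2] == ["switchport", "port-security"]:
            args = words[2:]
            if not args:                      # the bare command enables the feature
                cur["enabled"] = True
            elif args[0] == "maximum" and len(args) > 1:
                cur["maximum"] = int(args[1])
            elif args[0] == "violation" and len(args) > 1:
                cur["violation"] = args[1]
            elif args[:2] == ["mac-address", "sticky"]:
                cur["sticky"] = True
                cur["sticky_macs"] += [m.lower() for m in args[2:]]
    return ports

def audit(ports):
    """Return sorted (interface, finding) pairs for a reviewer to check."""
    findings, seen = [], {}
    for name, p in ports.items():
        if not p["enabled"]:
            findings.append((name, "port-security settings present but feature not enabled"))
        for mac in p["sticky_macs"]:
            seen.setdefault(mac, []).append(name)
    findings += [(n, f"sticky MAC {mac} also bound on another port")
                 for mac, names in seen.items() if len(names) > 1 for n in names]
    return sorted(findings)
```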