These steps are outlined below, including the configuration commands used: From there, port security needs to be enabled and actual MAC addresses of the devices that are allowed to use that port need to be configured. Basically, the user needs to make whatever port is being secured an access port, meaning that VLAN cannot trunk–that is share it’s frequencies with other networks. This is obviously a powerful feature.Ĭonfiguring port security, though, takes several steps. When the laptop, or any other inappropriate device, tries to send frames to the switch interfaces, the switch can discard all the frames of that device, preventing the attacker from tampering with the network. If sticky learning is disabled, the sticky secure MAC addresses are converted to dynamic secure addresses and are removed from the running configuration.We start today’s post by answering the question: Why do we need port security? Well, the purpose of port security–the ability of a network engineer to restrict the interface on a switch so that only the expected devices can use it–is that port security can reduce exposure to network attacks where an attacker connects a laptop to the wall socket that connects to a switch port. If you do not save the configuration, they are lost.
If you save the sticky secure MAC addresses in the configuration file, when the switch restarts, the interface does not need to relearn these addresses. The sticky secure MAC addresses do not automatically become part of the configuration file, which is the startup configuration used each time the switch restarts. When you enter this command, the interface converts all the dynamic secure MAC addresses, including those that were dynamically learned before sticky learning was enabled, to sticky secure MAC addresses. To enable sticky learning, enter the switchport port-security mac-address sticky command. You can configure an interface to convert the dynamic MAC addresses to sticky secure MAC addresses and to add them to the running configuration by enabling sticky learning.
This is also a good document explaing the difference
0 kommentar(er)
