2.16. Implement basic switch security (including: port security, trunk access, management VLAN other than VLAN1, etc.)

So, just how do you stop someone from simply plugging a host into one of your switch ports—or worse, adding a hub, switch, or access point into the Ethernet jack in their office? By default, MAC addresses will just dynamically appear in your MAC forward/filter database. You can stop them in their tracks by using port security. Here are your options:

Switch#config t
Switch(config)#int f0/1
Switch(config-if)#switchport port-security ?
   aging           Port-security aging commands
   mac-address     Secure mac address
   maximum         Max secure addresses
   violation       Security violation mode
   <cr>

You can see clearly in the preceding output that the switchport ...
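The four options in the help output above, applied to the same interface as an added example (not taken from the book). The maximum of 2, the 10-minute aging time, the choice of restrict mode, and the placeholder MAC address are assumptions made for illustration.

```cisco
! Constructed example: values below are illustrative, not from the book.
configure terminal
interface FastEthernet0/1
 ! Port security requires a static access (or trunk) port, not a dynamic one.
 switchport mode access
 ! Enable the feature; the defaults are maximum 1 and violation shutdown.
 switchport port-security
 ! maximum: how many secure MAC addresses the port may hold.
 switchport port-security maximum 2
 ! mac-address: pin a known host statically (placeholder address).
 switchport port-security mac-address 0000.1111.2222
 ! violation: protect drops offending frames silently, restrict drops them
 ! and increments the violation counter, shutdown err-disables the port.
 switchport port-security violation restrict
 ! aging: expire dynamically learned secure addresses after 10 idle minutes.
 switchport port-security aging time 10
 switchport port-security aging type inactivity
 end
! Verify the settings and check the violation count.
show port-security interface FastEthernet0/1
show port-security address
```

With restrict mode the port stays up for the permitted hosts while frames from any additional MAC address are dropped and counted, which is what the `show port-security interface` output reports.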
