1
00:00:03,759 --> 00:00:07,330
This is a free, complete course for the CCNA.
2
00:00:07,330 --> 00:00:11,089
If you like these videos, please subscribe
3
00:00:11,089 --> 00:00:15,599
Also, please like and leave a comment, and
4
00:00:18,469 --> 00:00:24,149
If you want more labs like this, I highly
5
00:00:24,149 --> 00:00:28,689
NetSim is a network simulator like Packet
6
00:00:28,689 --> 00:00:33,969
over 100 detailed guided labs covering the CCNA exam topics.
7
00:00:33,969 --> 00:00:38,239
If you want to get NetSim, follow the link in the description.
8
00:00:38,240 --> 00:00:42,520
In this video we’ll configure port security on SW1 and SW2.
9
00:00:42,520 --> 00:00:48,359
We’ll configure it on SW1’s interfaces
10
00:00:50,979 --> 00:00:55,069
Some of the commands I introduced in the lecture
11
00:00:55,070 --> 00:00:56,890
but the most important ones are.
12
00:01:00,170 --> 00:01:05,530
On the F0/1, 2, and 3 interfaces we’ll enable
13
00:01:05,530 --> 00:01:12,469
mode, 1 MAC address allowed, sticky learning
14
00:01:13,590 --> 00:01:19,609
CONF T. The port security configuration of
15
00:01:23,950 --> 00:01:28,909
By default, the violation mode is shutdown,
16
00:01:30,879 --> 00:01:34,510
Sticky MAC address learning is also disabled
17
00:01:35,640 --> 00:01:39,060
Let’s just set the aging time to 1 hour.
18
00:01:39,060 --> 00:01:44,269
With the default time of 0 minutes, secure
19
00:01:44,269 --> 00:01:50,179
SWITCHPORT PORT-SECURITY AGING TIME, and then
20
00:01:50,180 --> 00:01:55,130
Now, port security itself isn’t actually
21
00:01:57,609 --> 00:02:02,478
But the command is rejected, a common mistake
22
00:02:02,478 --> 00:02:06,670
These interfaces have the default administrative
23
00:02:08,909 --> 00:02:13,318
DO SHOW INTERFACES F0/1 SWITCHPORT.
24
00:02:13,318 --> 00:02:18,199
Up here you can see it, administrative mode dynamic auto.
25
00:02:18,199 --> 00:02:23,289
To enable port security, the interface must
26
00:02:33,969 --> 00:02:36,520
I’ll check one of the interfaces.
27
00:02:36,520 --> 00:02:40,319
DO SHOW PORT-SECURITY INTERFACE F0/1.
28
00:02:40,318 --> 00:02:47,649
Okay, port security is enabled and the default
29
00:02:47,650 --> 00:02:50,900
The aging time of 60 minutes I configured is shown here.
30
00:02:50,900 --> 00:02:55,740
That’s all we need to configure on SW1.
31
00:02:57,560 --> 00:03:03,598
We’ll configure port security on G0/1 with
32
00:03:03,598 --> 00:03:07,839
4 addresses, and sticky MAC address learning enabled.
33
00:03:07,840 --> 00:03:12,409
Why 4 addresses, even though there are only
34
00:03:12,409 --> 00:03:19,240
It’s because SW2 will be receiving CDP messages
35
00:03:27,900 --> 00:03:32,959
The default port security violation mode is
36
00:03:32,959 --> 00:03:37,939
SWITCHPORT PORT-SECURITY VIOLATION RESTRICT.
37
00:03:37,939 --> 00:03:40,628
And then the maximum number of addresses.
38
00:03:40,628 --> 00:03:45,159
SWITCHPORT PORT-SECURITY MAXIMUM 4.
39
00:03:45,159 --> 00:03:48,098
And then enable sticky MAC address learning.
40
00:03:48,098 --> 00:03:52,549
SWITCHPORT PORT-SECURITY MAC-ADDRESS STICKY.
41
00:03:52,550 --> 00:03:54,830
Finally let’s enable port security.
42
00:03:54,830 --> 00:04:00,269
There is only 1 VLAN in the network, VLAN
43
00:04:00,269 --> 00:04:03,170
port, although trunk is an option too.
44
00:04:09,050 --> 00:04:12,880
Okay, let’s check those settings.
45
00:04:12,879 --> 00:04:16,620
DO SHOW PORT-SECURITY INTERFACE G0/1.
46
00:04:16,620 --> 00:04:22,800
Okay, port security is enabled, the violation
47
00:04:25,370 --> 00:04:28,530
As for sticky learning, we’ll test that now.
48
00:04:28,529 --> 00:04:35,829
I’ll ping from each PC to R1 so that SW1
49
00:05:03,160 --> 00:05:06,760
DO SHOW PORT-SECURITY INTERFACE G0/1.
50
00:05:06,759 --> 00:05:14,269
So, the total MAC addresses learned is 4, PCs 1, 2, 3, and SW1.
51
00:05:14,269 --> 00:05:16,639
And all 4 of those MAC addresses are sticky.
52
00:05:16,639 --> 00:05:20,209
Let’s check the config of G0/1.
53
00:05:22,189 --> 00:05:29,850
Scroll down to G0/1, and here we can see the
54
00:05:32,180 --> 00:05:34,740
And let’s check the MAC address table.
55
00:05:36,939 --> 00:05:40,918
Okay, there are the same 4 MAC addresses.
56
00:05:40,918 --> 00:05:44,439
Notice the type of STATIC, even though they
57
00:05:44,439 --> 00:05:47,469
That’s because of sticky learning.
58
00:05:47,470 --> 00:05:50,830
And one more command, DO SHOW PORT-SECURITY.
59
00:05:50,829 --> 00:05:59,300
So, G0/1 has a maximum of 4 secure MAC addresses,
60
00:05:59,300 --> 00:06:03,840
violations, and the security action is restrict.
61
00:06:03,839 --> 00:06:06,859
Now let’s trigger some violations and see what happens.
62
00:06:06,860 --> 00:06:11,180
First, I’ll trigger a violation on SW2.
63
00:06:11,180 --> 00:06:17,129
To do that, I’ll go on SW1 and configure the VLAN 1 SVI.
64
00:06:18,730 --> 00:06:24,689
IP ADDRESS 10.0.0.10 255.255.255.0.
65
00:06:26,399 --> 00:06:33,109
Okay, so if SW1 tries to ping R1, the source
66
00:06:35,069 --> 00:06:40,959
SW2 learned the MAC address of SW1’s G0/1
67
00:06:52,129 --> 00:06:58,269
That’s because SW2 is blocking the pings
68
00:07:01,910 --> 00:07:05,350
DO SHOW PORT-SECURITY INTERFACE G0/1.
69
00:07:05,350 --> 00:07:11,669
Okay, notice the port status is still secure-up,
70
00:07:11,668 --> 00:07:17,979
There haven’t been any syslog messages,
71
00:07:17,980 --> 00:07:21,550
By default, a syslog message should be displayed in the console.
72
00:07:21,550 --> 00:07:24,079
Anyway, that’s the restrict mode.
73
00:07:24,079 --> 00:07:27,459
Now let’s trigger a violation on SW1.
74
00:07:27,459 --> 00:07:31,549
To do that, I’ll change the MAC address of PC1.
75
00:07:31,550 --> 00:07:39,069
To do that in Packet Tracer, go to the config
76
00:07:40,990 --> 00:07:44,680
I’ll change the last ‘1’ to an ‘A’.
77
00:07:48,579 --> 00:07:52,418
Okay, it doesn’t work this time.
78
00:07:55,050 --> 00:08:01,381
Okay, here syslog messages have been shown
79
00:08:01,380 --> 00:08:04,668
no actual port security related syslog messages.
80
00:08:04,668 --> 00:08:08,049
Anyway, let’s check the interface.
81
00:08:08,050 --> 00:08:11,040
DO SHOW PORT-SECURITY INTERFACE F0/1.
82
00:08:11,040 --> 00:08:18,210
Okay, the state is secure-shutdown, and the
83
00:08:18,209 --> 00:08:23,859
Now, errdisable recovery isn’t available
84
00:08:23,860 --> 00:08:26,650
the interface, you’ll need to do it manually.
85
00:08:26,649 --> 00:08:31,888
Anyway, in this lab we did some basic port
86
00:08:31,889 --> 00:08:34,440
shutdown and restrict violation modes work.
87
00:08:35,899 --> 00:08:43,360
Next, let’s take a look at a bonus lab in