Would you like to inspect the original subtitles? These are the user uploaded subtitles that are being translated:
1
00:00:03,759 --> 00:00:07,330
This is a free, complete course for the CCNA.
2
00:00:07,330 --> 00:00:11,089
If you like these videos, please subscribe\n
3
00:00:11,089 --> 00:00:15,599
Also, please like and leave a comment, and\n
4
00:00:18,469 --> 00:00:24,149
If you want more labs like this, I highly\n
5
00:00:24,149 --> 00:00:28,689
NetSim is a network simulator like Packet\n
6
00:00:28,689 --> 00:00:33,969
over 100 detailed guided labs covering the\nCCNA exam topics.
7
00:00:33,969 --> 00:00:38,239
If you want to get NetSim, follow the link\nin the description.
8
00:00:38,240 --> 00:00:42,520
In this video we’ll configure port security\non SW1 and SW2.
9
00:00:42,520 --> 00:00:48,359
We’ll configure it on SW1’s interfaces\n
10
00:00:50,979 --> 00:00:55,069
Some of the commands I introduced in the lecture\n
11
00:00:55,070 --> 00:00:56,890
but the most important ones are.
12
00:01:00,170 --> 00:01:05,530
On the F0/1, 2, and 3 interfaces we’ll enable\n
13
00:01:05,530 --> 00:01:12,469
mode, 1 MAC address allowed, sticky learning\n
14
00:01:13,590 --> 00:01:19,609
CONF T. The port security configuration of\n
15
00:01:23,950 --> 00:01:28,909
By default, the violation mode is shutdown,\n
16
00:01:30,879 --> 00:01:34,510
Sticky MAC address learning is also disabled\n
17
00:01:35,640 --> 00:01:39,060
Let’s just set the aging time to 1 hour.
18
00:01:39,060 --> 00:01:44,269
With the default time of 0 minutes, secure\n
19
00:01:44,269 --> 00:01:50,179
SWITCHPORT PORT-SECURITY AGING TIME, and then\n
20
00:01:50,180 --> 00:01:55,130
Now, port security itself isn’t actually\n
21
00:01:57,609 --> 00:02:02,478
But the command is rejected, a common mistake\n
22
00:02:02,478 --> 00:02:06,670
These interfaces have the default administrative\n
23
00:02:08,909 --> 00:02:13,318
DO SHOW INTERFACES F0/1 SWITCHPORT.
24
00:02:13,318 --> 00:02:18,199
Up here you can see it, administrative mode\ndynamic auto.
25
00:02:18,199 --> 00:02:23,289
To enable port security, the interface must\n
26
00:02:33,969 --> 00:02:36,520
I’ll check one of the interfaces.
27
00:02:36,520 --> 00:02:40,319
DO SHOW PORT-SECURITY INTERFACE F0/1.
28
00:02:40,318 --> 00:02:47,649
Okay, port security is enabled and the default\n
29
00:02:47,650 --> 00:02:50,900
The aging time of 60 minutes I configured\nis shown here.
30
00:02:50,900 --> 00:02:55,740
That’s all we need to configure on SW1.
31
00:02:57,560 --> 00:03:03,598
We’ll configure port security on G0/1 with\n
32
00:03:03,598 --> 00:03:07,839
4 addresses, and sticky MAC address learning\nenabled.
33
00:03:07,840 --> 00:03:12,409
Why 4 addresses, even though there are only\n
34
00:03:12,409 --> 00:03:19,240
It’s because SW2 will be receiving CDP messages\n
35
00:03:27,900 --> 00:03:32,959
The default port security violation mode is\n
36
00:03:32,959 --> 00:03:37,939
SWITCHPORT PORT-SECURITY VIOLATION RESTRICT.
37
00:03:37,939 --> 00:03:40,628
And then the maximum number of addresses.
38
00:03:40,628 --> 00:03:45,159
SWITCHPORT PORT-SECURITY MAXIMUM 4.
39
00:03:45,159 --> 00:03:48,098
And then enable sticky MAC address learning.
40
00:03:48,098 --> 00:03:52,549
SWITCHPORT PORT-SECURITY MAC-ADDRESS STICKY.
41
00:03:52,550 --> 00:03:54,830
Finally let’s enable port security.
42
00:03:54,830 --> 00:04:00,269
There is only 1 VLAN in the network, VLAN\n
43
00:04:00,269 --> 00:04:03,170
port, although trunk is an option too.
44
00:04:09,050 --> 00:04:12,880
Okay, let’s check those settings.
45
00:04:12,879 --> 00:04:16,620
DO SHOW PORT-SECURITY INTERFACE G0/1.
46
00:04:16,620 --> 00:04:22,800
Okay, port security is enabled, the violation\n
47
00:04:25,370 --> 00:04:28,530
As for sticky learning, we’ll test that\nnow.
48
00:04:28,529 --> 00:04:35,829
I’ll ping from each PC to R1 so that SW1\n
49
00:05:03,160 --> 00:05:06,760
DO SHOW PORT-SECURITY INTERFACE G0/1.
50
00:05:06,759 --> 00:05:14,269
So, the total MAC addresses learned is 4,\nPCs 1, 2, 3, and SW1.
51
00:05:14,269 --> 00:05:16,639
And all 4 of those MAC addresses are sticky.
52
00:05:16,639 --> 00:05:20,209
Let’s check the config of G0/1.
53
00:05:22,189 --> 00:05:29,850
Scroll down to G0/1, and here we can see the\n
54
00:05:32,180 --> 00:05:34,740
And let’s check the MAC address table.
55
00:05:36,939 --> 00:05:40,918
Okay, there are the same 4 MAC addresses.
56
00:05:40,918 --> 00:05:44,439
Notice the type of STATIC, even though they\n
57
00:05:44,439 --> 00:05:47,469
That’s because of sticky learning.
58
00:05:47,470 --> 00:05:50,830
And one more command, DO SHOW PORT-SECURITY.
59
00:05:50,829 --> 00:05:59,300
So, G0/1 has a maximum of 4 secure MAC addresses,\n
60
00:05:59,300 --> 00:06:03,840
violations, and the security action is restrict.
61
00:06:03,839 --> 00:06:06,859
Now let’s trigger some violations and see\nwhat happens.
62
00:06:06,860 --> 00:06:11,180
First, I’ll trigger a violation on SW2.
63
00:06:11,180 --> 00:06:17,129
To do that, I’ll go on SW1 and configure\nthe VLAN 1 SVI.
64
00:06:18,730 --> 00:06:24,689
IP ADDRESS 10.0.0.10 255.255.255.0.
65
00:06:26,399 --> 00:06:33,109
Okay, so if SW1 tries to ping R1, the source\n
66
00:06:35,069 --> 00:06:40,959
SW2 learned the MAC address of SW1’s G0/1\n
67
00:06:52,129 --> 00:06:58,269
That’s because SW2 is blocking the pings\n
68
00:07:01,910 --> 00:07:05,350
DO SHOW PORT-SECURITY INTERFACE G0/1.
69
00:07:05,350 --> 00:07:11,669
Okay, notice the port status is still secure-up,\n
70
00:07:11,668 --> 00:07:17,979
There haven’t been any syslog messages,\n
71
00:07:17,980 --> 00:07:21,550
By default, a syslog message should be displayed\nin the console.
72
00:07:21,550 --> 00:07:24,079
Anyway, that’s the restrict mode.
73
00:07:24,079 --> 00:07:27,459
Now let’s trigger a violation on SW1.
74
00:07:27,459 --> 00:07:31,549
To do that, I’ll change the MAC address\nof PC1.
75
00:07:31,550 --> 00:07:39,069
To do that in packet tracer, go to the config\n
76
00:07:40,990 --> 00:07:44,680
I’ll change the last ‘1’ to an ‘A’.
77
00:07:48,579 --> 00:07:52,418
Okay, it doesn’t work this time.
78
00:07:55,050 --> 00:08:01,381
Okay, here syslog messages have been shown\n
79
00:08:01,380 --> 00:08:04,668
no actual port security related syslog messages.
80
00:08:04,668 --> 00:08:08,049
Anyway, let’s check the interface.
81
00:08:08,050 --> 00:08:11,040
DO SHOW PORT-SECURITY INTERFACE F0/1.
82
00:08:11,040 --> 00:08:18,210
Okay, the state is secure-shutdown, and the\n
83
00:08:18,209 --> 00:08:23,859
Now, errdisable recovery isn’t available\n
84
00:08:23,860 --> 00:08:26,650
the interface, you’ll need to do it manually.
85
00:08:26,649 --> 00:08:31,888
Anyway, in this lab we did some basic port\n
86
00:08:31,889 --> 00:08:34,440
shutdown and restrict violation modes work.
87
00:08:35,899 --> 00:08:43,360
Next, let’s take a look at a bonus lab in\n
6939
Can't find what you're looking for?
Get subtitles in any language from opensubtitles.com, and translate them here.
Afrikaans
Albanian
Amharic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
English
Esperanto
Estonian
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hawaiian
Hungarian
Icelandic
Indonesian
Irish
Italian
Japanese
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latvian
Lithuanian
Luxembourgish
Macedonian
Malagasy
Malay
Maltese
Maori
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Polish
Portuguese
Romanian
Russian
Samoan
Serbian
Sesotho
Shona
Sinhala
Slovak
Slovenian
Somali
Spanish
Swahili
Swedish
Tajik
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
