5.2.2.7 Packet Tracer – Configuring Switch Port Security

Last Updated on March 23, 2018 by Admin


From year to year, Cisco has released several versions of this course, each with different questions; the latest is version 6.0 (2018). Which version you get depends on how your instructor created your class, so we recommend reviewing all versions if you are not sure. When you take the online test on netacad.com you may get random questions from any version, and each version has one to ten or more different questions. After you have reviewed all the questions, practice with our online test system via the "Online Test" link below.

Version 5.02 Version 5.03 Version 6.0 Online Assessment
Chapter 5 Exam Chapter 5 Exam Chapter 5 Exam Online Test
Next Chapter
Chapter 6 Exam Chapter 6 Exam Chapter 6 Exam Online Test
Lab Activities
 5.2.1.4 Packet Tracer – Configuring SSH
 5.2.2.7 Packet Tracer – Configuring Switch Port Security
 5.2.2.8 Packet Tracer – Troubleshooting Switch Port Security
 5.3.1.2 Packet Tracer – Skills Integration Challenge

Packet Tracer – Configuring Switch Port Security (Answer Version)

Answer Note: Red font color or Gray highlights indicate text that appears in the Answer copy only.

Topology

(Topology diagram not reproduced; the devices and their addresses are listed in the Addressing Table below.)

Addressing Table

Device        Interface   IP Address    Subnet Mask
S1            VLAN 1      10.10.10.2    255.255.255.0
PC1           NIC         10.10.10.10   255.255.255.0
PC2           NIC         10.10.10.11   255.255.255.0
Rogue Laptop  NIC         10.10.10.12   255.255.255.0

Objective

Part 1: Configure Port Security

Part 2: Verify Port Security

Background

In this activity, you will configure and verify port security on a switch. Port security allows you to restrict a port’s ingress traffic by limiting the MAC addresses that are allowed to send traffic into the port.

Part 1: Configure Port Security

  1. Access the command line for S1 and enable port security on Fast Ethernet ports 0/1 and 0/2. (Port security only works on access ports; on a real IOS switch the command is rejected while a port is still in the default dynamic trunking mode, so set switchport mode access on the range first.)
    • S1(config)# interface range fa0/1 - 2
    • S1(config-if-range)# switchport port-security
  2. Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.
    • S1(config-if-range)# switchport port-security maximum 1
  3. Secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration.
    • S1(config-if-range)# switchport port-security mac-address sticky
  4. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but a notification of the security violation is generated and packets from the unknown source are dropped.
    • S1(config-if-range)# switchport port-security violation restrict
  5. Disable all the remaining unused ports, so that a device plugged into a spare port gets no link at all. Hint: Use the range keyword to apply this configuration to all the ports simultaneously.
    • S1(config-if-range)# interface range fa0/3 - 24, gi1/1 - 2
    • S1(config-if-range)# shutdown

Part 2: Verify Port Security

  1. From PC1, ping PC2.
  2. Verify port security is enabled and the MAC addresses of PC1 and PC2 were added to the running configuration. (show port-security address lists the learned sticky entries; show running-config shows them as switchport port-security mac-address sticky lines under fa0/1 and fa0/2.)
  3. Attach Rogue Laptop to any unused switch port and notice that the link lights are red.
  4. Enable the port and verify that Rogue Laptop can ping PC1 and PC2. After verification, shut down the port connected to Rogue Laptop.
  5. Disconnect PC2 and connect Rogue Laptop to PC2’s port. Verify that Rogue Laptop is unable to ping PC1.
  6. Display the port security violations for the port Rogue Laptop is connected to.
    • S1# show port-security interface fa0/2
  7. Disconnect Rogue Laptop and reconnect PC2. Verify PC2 can ping PC1.
  8. Why is PC2 able to ping PC1, but the Rogue Laptop is not? Port security on fa0/2 allows a maximum of one secure address, and PC2's MAC address was learned as a sticky entry the first time PC2 sent traffic. Frames from the Rogue Laptop carry a second, unknown source MAC, so the restrict violation mode drops them and increments the violation counter while leaving the port up; when PC2 is reconnected its MAC matches the secure entry and traffic is forwarded again. Note that sticky addresses exist only in the running configuration until you save with copy running-config startup-config; after a reload without saving, the first device to send traffic on the port is learned instead.
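The checks in steps 2 and 6 are done by eye in the lab. The following Python script is an added example, not code from the original lab or from Cisco: it parses the kind of output `show port-security` and `show port-security interface fa0/2` produce after the Rogue Laptop has been plugged into PC2's port, confirms the policy configured in Part 1 (maximum 1, restrict) is in place on fa0/1 and fa0/2, and shows how the result differs from the default shutdown violation mode, which would err-disable the port instead of just dropping the rogue frames. Both show-output samples are constructed for the example (the MAC address is made up), and the `check_policy` and `rogue_was_restricted` helpers are this example's own.

```python
"""Audit IOS port-security state after the lab's Part 2.

Added example, not code from the original lab or from Cisco: it parses
constructed (not captured) `show port-security` and
`show port-security interface` output and checks what Part 2 steps 2 and 6
verify by eye: security is enabled with max 1 and restrict on fa0/1-2, the
Rogue Laptop's frames were counted as violations, and restrict left the port
up rather than err-disabling it as the default shutdown mode would.
"""
import re

# Constructed sample of `show port-security` (layout follows the IOS summary
# table; counts reflect the rogue laptop having been plugged into Fa0/2).
SHOW_PORT_SECURITY = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
--------------------------------------------------------------------------
      Fa0/1              1            1                  0         Restrict
      Fa0/2              1            1                  1         Restrict
--------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 8192
"""

# Constructed sample of `show port-security interface fa0/2` (MAC is made up).
SHOW_INTERFACE_RESTRICT = """\
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Restrict
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00E0.F7B1.0C12:1
Security Violation Count   : 1
"""

# Constructed counterpart for the default `violation shutdown` mode: the same
# rogue frame err-disables the port, so PC2 would stay down after reconnecting.
SHOW_INTERFACE_SHUTDOWN = SHOW_INTERFACE_RESTRICT.replace(
    "Secure-up", "Secure-shutdown").replace(": Restrict", ": Shutdown")

SUMMARY_ROW = re.compile(
    r"^\s*(?P<port>[A-Za-z]+\d+/\d+)\s+(?P<max>\d+)\s+(?P<cur>\d+)\s+"
    r"(?P<viol>\d+)\s+(?P<action>\S+)\s*$")


def parse_summary(text):
    """Map port name -> counters/action from the `show port-security` table."""
    rows = {}
    for line in text.splitlines():
        m = SUMMARY_ROW.match(line)
        if m:
            rows[m["port"]] = {"max": int(m["max"]), "current": int(m["cur"]),
                               "violations": int(m["viol"]),
                               "action": m["action"].lower()}
    return rows


def parse_interface(text):
    """Map field name -> value from `show port-security interface <if>`."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def check_policy(summary, expected_ports, max_addr=1, action="restrict"):
    """Return findings for ports that deviate from the lab policy ([] = ok)."""
    findings = []
    for port in expected_ports:
        row = summary.get(port)
        if row is None:
            findings.append(f"{port}: port security not enabled")
            continue
        if row["max"] != max_addr:
            findings.append(f"{port}: maximum {row['max']}, expected {max_addr}")
        if row["action"] != action:
            findings.append(f"{port}: violation mode {row['action']}, expected {action}")
        if row["current"] > row["max"]:
            findings.append(f"{port}: {row['current']} secure MACs exceed the maximum")
    return findings


def rogue_was_restricted(detail):
    """True when a violation was counted but the port stayed up (restrict mode)."""
    return (detail.get("Port Security") == "Enabled"
            and detail.get("Violation Mode") == "Restrict"
            and detail.get("Port Status") == "Secure-up"
            and int(detail.get("Security Violation Count", "0")) > 0)


if __name__ == "__main__":
    summary = parse_summary(SHOW_PORT_SECURITY)
    print("policy findings:", check_policy(summary, ["Fa0/1", "Fa0/2"]) or "none")
    for name, text in (("restrict", SHOW_INTERFACE_RESTRICT),
                       ("shutdown", SHOW_INTERFACE_SHUTDOWN)):
        d = parse_interface(text)
        print(f"{name}: status={d['Port Status']} violations="
              f"{d['Security Violation Count']} restricted={rogue_was_restricted(d)}")
```

On a real switch, feed the script the text captured from the CLI instead of the constructed samples. Passing an extra port such as Fa0/3 to `check_policy` reports it as not secured, which is the state of the shut-down spare ports in this lab, and a Port Status of Secure-shutdown is the err-disabled result of the default violation mode, recovered with shutdown followed by no shutdown on the interface.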
