
How to configure settings on a switch to protect an interface from any intruder device? How to reserve an interface for trusted devices?

What is the command on the switch to protect an interface from untrusted devices?

Question added by abdalrahman mohmmad , IT Engineer , mixfm
Date Posted: 2013/09/18
abdalrahman mohmmad
by abdalrahman mohmmad , IT Engineer , mixfm

Very briefly, we enter the interface and type the commands:

switchport mode access

switchport port-security mac-address sticky

Or, to reserve more than one MAC:

switchport port-security maximum 2

Mostafa Abdo
by Mostafa Abdo , Senior Infrastructure and Security Architect , Devoteam

By configuring Switch Port Security on the access switch. There are three different types of secure MAC address:

•Static secure MAC addresses—This type of secure MAC address is statically configured on a switchport and is stored in an address table and in the running configuration

•Dynamic secure MAC addresses—This type of secure MAC address is learned dynamically from the traffic that is sent through the switchport. These types of addresses are kept only in an address table and not in the running configuration.

•Sticky secure MAC addresses—This type of secure MAC address can be manually configured or dynamically learned. These types of addresses are kept in an address table and in the running configuration.

Then, after the mode, the action that the device takes when a violation occurs can be configured:

•Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.

•Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.

•Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.

•Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state to the specific violating VLAN.
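An added example, not part of any answer in this thread: a small Python check that reads a running-config and reports, per access port, the port-security settings described above. The sample configuration and function names are constructed; it assumes the Cisco IOS defaults (maximum 1, violation shutdown) and that port security is active only when the bare `switchport port-security` line is present.

```python
import re
# Constructed sample running-config (not taken from the thread).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/24
 switchport mode trunk
"""
PREFIX = "switchport port-security"

def parse_interfaces(config):  # interface name -> list of its sub-commands
    blocks, current = {}, None
    for raw in config.splitlines():
        m = re.match(r"interface (\S+)", raw)
        if m:
            current = blocks.setdefault(m.group(1), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_port_security(config):
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # only access ports are audited here
        opts = [l[len(PREFIX):].strip() for l in lines if l.startswith(PREFIX)]
        value = lambda key, default: next(
            (o.split()[1] for o in opts if o.startswith(key + " ")), default)
        report[name] = {
            "enabled": "" in opts,  # only the bare command turns the feature on
            "sticky": "mac-address sticky" in opts,
            "maximum": int(value("maximum", "1")),        # assumed IOS default: 1
            "violation": value("violation", "shutdown"),  # default mode per the answer above
        }
    return report
```

In the sample, GigabitEthernet0/2 has sticky learning configured but is reported as not enabled, because the enabling command itself is missing.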

Mohammad Elwasefy Elsayed
by Mohammad Elwasefy Elsayed , Senior IT Network and Security Engineer , Comlogic-SCC-ITconsultancy

There is another method for restricting devices accessing a specific VLAN, which is called VACL "VLAN access control list" or PACL "Port access control list".

Restrict

Static secure MAC addresses

Shutdown

Dynamic secure MAC addresses

هاشم المشارقة
by هاشم المشارقة , Key Account Manager , Advanced United Systems Ltd. ( A member of Taj Holding Group)

First, connect the devices to their ports, because at the moment the command is issued it will save the physical addresses on each port in order to allow them and block all others.

Use the following command:

switchport protected

This makes each port of the switch accept only the device connected to it at the moment the command is issued.

And thank you for the invitation.

sherif fathiy mahmoud
by sherif fathiy mahmoud , IT Technical Support , Concrete factory

switchport port-security

Abhi Mukherjee
by Abhi Mukherjee , Network Engineer , Accenture Services Pvt Ltd.

This problem can be addressed by configuring port security on that particular interface, generally called a "sticky port", and restricting traffic on the basis of MAC address.

Osama Ismaeel
by Osama Ismaeel , Customer Solutions Architect - VPO (VPN Owner) , Orange Business Services

The most common ways: using MAC address filtering protection, or dot1x authentication.
