The objective of this lab exercise is for you to protect a switchport with port security.
Configuring port security on switches is a very important CCNA exam topic. I can almost guarantee that you’ll be asked a question or be given a lab on it. Rather than watch a video solution, I have provided show runs and test commands where appropriate.
This lab is suitable for both CCENT and CCNA certification exam preparation.
This lab has a difficulty rating of 6/10.
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.
Please use the following topology to complete this lab exercise:
Connect a PC to a switchport. Configure the port as an access port.
Configure the switchport as an access port and put it into VLAN20. Assign IP address 10.0.0.2 to interface VLAN20 and set the default gateway to the PC's IP address.
Configure port security on the switchport. Add a command to ensure that the switch adds the learned MAC address to the startup configuration file.
Optional: Change the MAC address on the PC using Packet Tracer or a physical device if you have a home lab. Now check that the port has been shut down.
Switch#show run
hostname Switch
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.9AAA.C6D8   <-- this was learned by the switch, not manually entered.
!
interface FastEthernet0/2
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 ip address 10.0.0.2 255.255.255.0
!
ip default-gateway 10.0.0.1

Switch#show port-security int f0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0004.9AAA.C6D8:20
Security Violation Count   : 0
After changing the MAC address, you should see the following:

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

Switch#show port-security int f0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0004.9AAA.C6D9:20
Security Violation Count   : 1
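To check the result of the optional step without reading the output by eye, the following added example (not part of the original lab) parses the "show port-security" text and compares the last source MAC with the sticky entry in the running configuration. The function names are hypothetical and the sample strings are constructed from the outputs shown above.

```python
import re

# Constructed sample: the lab's output after the PC's MAC address was changed.
SAMPLE_STATUS = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0004.9AAA.C6D9:20
Security Violation Count   : 1
"""

# Constructed sample: the port-security lines from the lab's show run.
SAMPLE_RUN = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.9AAA.C6D8
"""

MAC_RE = r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}"


def parse_status(text):
    """Return the 'Field : value' lines of the show output as a dict."""
    fields = {}
    for line in text.splitlines():
        # Split on the padded separator only: the key "Last Source Address:Vlan"
        # and its value "MAC:vlan" both contain bare colons.
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def sticky_macs(run_config):
    """Sticky secure MAC addresses recorded in the configuration text."""
    found = re.findall(r"mac-address sticky (" + MAC_RE + ")", run_config)
    return {mac.lower() for mac in found}


def assess(status_text, run_config):
    """Summarise whether the port was shut down and which MAC was seen last."""
    f = parse_status(status_text)
    mac, _, vlan = f.get("Last Source Address:Vlan", "").rpartition(":")
    return {
        "shutdown": f.get("Port Status") == "Secure-shutdown",
        "violations": int(f.get("Security Violation Count", "0")),
        "last_mac": mac.lower(),
        "vlan": vlan,
        "last_mac_is_secure": mac.lower() in sticky_macs(run_config),
    }
```

Calling assess(SAMPLE_STATUS, SAMPLE_RUN) reports the port as shut down with one violation, and shows that the last source MAC (ending C6D9) is not the sticky address the switch learned (ending C6D8).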