Lab Objective:
The objective of this lab exercise is for you to protect a switchport with port security.
Lab Purpose:
Configuring port security on switches is a very important CCNA exam topic. I can almost guarantee that you'll be asked a question or be given a lab on it. Instead of a video solution, I have provided show runs and test commands where appropriate.
Certification Level:
This lab is suitable for both CCENT and CCNA certification exam preparation.
Lab Difficulty:
This lab has a difficulty rating of 6/10.
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.
Lab Topology:
Please use the following topology to complete this lab exercise:
Task 1:
Connect a PC to a switchport. Configure the port as an access port.
Task 2:
Configure the switchport as an access port and put it into VLAN20. Assign IP address 10.0.0.2 to the VLAN20 interface and set the default gateway to the PC's IP address.
Task 3:
Configure port security on the switchport. Add a command to ensure that the switch adds the learned MAC address to the startup configuration file.
Task 4:
Optional: Change the MAC address on the PC using Packet Tracer or a physical device if you have a home lab. Now check that the port has been shut down.
Solution
Show Runs
Switch#show run
hostname Switch
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.9AAA.C6D8   <-- this was learned by the switch, not manually entered.
!
interface FastEthernet0/2
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 ip address 10.0.0.2 255.255.255.0
!
ip default-gateway 10.0.0.1
TEST:
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0004.9AAA.C6D8:20
Security Violation Count : 0
After changing the MAC address, you should see the following:
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-shutdown
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0004.9AAA.C6D9:20
Security Violation Count : 1
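The two captures above differ in only three fields, and those are the ones to check when auditing a secured port. The script below is an added example, not part of the original lab: it parses "show port-security interface" output and reports those differences. The function names and the TEMPLATE helper are assumptions made for illustration; the field values are the ones shown in the lab output.

```python
import re

# "Key : Value" lines; the lazy key match keeps "Last Source Address:Vlan" intact.
FIELD = re.compile(r"^\s*(.+?)\s+:\s+(.*?)\s*$")

def parse_port_security(text):
    """Turn 'show port-security interface' output into a dict of fields."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def audit(text, learned_mac):
    """Return a list of findings for one port; an empty list means healthy."""
    f = parse_port_security(text)
    findings = []
    if f.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if f.get("Port Status") == "Secure-shutdown":
        findings.append("port is shut down by a violation")
    if int(f.get("Security Violation Count", "0")) > 0:
        findings.append("violation count is " + f["Security Violation Count"])
    if int(f.get("Sticky MAC Addresses", "0")) == 0:
        findings.append("no sticky MAC address learned")
    # Value is "<mac>:<vlan>"; strip the VLAN to compare against the sticky entry.
    last_mac = f.get("Last Source Address:Vlan", "").rsplit(":", 1)[0]
    if last_mac and last_mac.lower() != learned_mac.lower():
        findings.append("last source " + last_mac + " is not the sticky MAC")
    return findings

# The lab's output, with the three fields that change left as placeholders.
TEMPLATE = """\
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : {status}
Violation Mode : Shutdown
Aging Time : 0 mins
Maximum MAC Addresses : 1
Sticky MAC Addresses : 1
Last Source Address:Vlan : {mac}:20
Security Violation Count : {count}
"""
BEFORE = TEMPLATE.format(status="Secure-up", mac="0004.9AAA.C6D8", count=0)
AFTER = TEMPLATE.format(status="Secure-shutdown", mac="0004.9AAA.C6D9", count=1)

if __name__ == "__main__":
    for name, capture in (("before", BEFORE), ("after", AFTER)):
        print(name, audit(capture, "0004.9AAA.C6D8"))
```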