Skip to main content

SWITCHPORT SECURITY

 

SWITCHHPORT SECURITY

1. PORT SECURITY ENABLES YOU TO CONFIGURE EACH SWITCH PORT WITH A UNIQUE LIST OF THE MAC ADDRESSES OF DEVICES THAT ARE AUTHORIZED TO ACCESS THE NETWORK THROUGH THAT PORT.

THIS SECURITY ENABLES INDIVIDUAL PORTS TO DETECT, PREVENT, AND LOG ATTEMPTS BY UNAUTHORIZED DEVICES TO COMMUNICATE THROUGH THE SWITCH.

2. SWITCH PORT SECURITY LIMITS THE NUMBER OF VALID MAC ADDRESSES ALLOWED ON A PORT. 

WHEN A MAC ADDRESS, OR A GROUP OF MAC ADDRESSES ARE CONFIGURED TO ENABLE SWITCH PORT SECURITY, THE SWITCH WILL FORWARD PACKETS ONLY TO THE DEVICES USING THOSE MAC ADDRESSES.

3. BY USING PORT SECURITY YOU CAN SECURE YOUR NETWORK FOR HACKER ATTACKE AND PROTECT YOUR NETWORK INFORMATION AND TRAFFIC.

TYPES OF VOILATION IN PORT SECURITY

1. SHUTDOWN

IN THIS VIOLATION  WHENEVER AN ATTACKER ATTACH TO YOUR NETWORK  TO COMMUNICATE, THE ATTACKER WITH WHOM IT IS ATTACHED TO YOUR SWITCH PORT WILL BE SHUTDOWN THIS PORT WHEN IT STARTS COMMUNICATING.

2. RESTRICT

IN THIS VIOLATION, THE SWITCH SENDS AN ALERT MESSAGE TO THE NETWORK ADMINISTRATOR FOR ABOUT ATTACKER.

3. PROTECT

IN THIS VIOLATION, THOUGHT ALLOWS ONLY THE PORT THAT IS CONFIGURED TO SWITCH AND DOES NOT ALLOW COMMUNICATION TO ANY OTHER PORT.

TYPES OF LOCK

1. DYNAMIC LOCK

IN THIS CONFIGURATION , THE PORTS MAC ADDRESS IS AUTOMATICALLY SECURED.

2. STATIC LOCK

IN CONFIGURATION  THIS LOCK WE SECURE THE MAC ADDRESS ITSELF.

__________________

CONFIGURATION

STEP 1 

1. IN THIS STEP WE WILL TAKE A 2 SWITCHES AND  5 COMPUTERS AND AND ONE  LAPTOP FOR EXAMPLE LAPTOP IS ATTACKER.

2. ASSIGN A IP ADDRESS IN ALL DEVICES.

STEP 2

1.  CONFIGURATION SWITCH PORT SECURITY

2. ALL VOILATION CONFIGURED STEP BY STEP

3. LOCK CONFIGURATION

_____________________

STEP 1

1. IN THIS STEP WE WILL TAKE A 2 SWITCHES AND 5 COMPUTERS AND AND ONE  LAPTOP FOR EXAMPLE LAPTOP IS ATTACKER.

2. ASSIGN A IP ADDRESS IN ALL DEVICES.


STEP 2

CONFOGURATION PORT SECURITY WITH STATIC LOCK AND VOILATION IS SHUTDOWN.

PORT SECURITY CONFIGURE ON PC-1 MACE ADDRESS

GO TO SWITCH(0) CONFIGURATION MODE AND ENTER THIS COMMANDS.

Switch(config)# inter fa0/1
Switch(config-if)# switchport mode access 
Switch(config-if)# switchport port-security 
Switch(config-if)# switchport port-security mac-address ?

WE ARE CONFIGURING THE STATIC LOG SO WE HAVE TO WRITE THE MAC-ADDRESS OF THE PC.

Switch(config-if)# switchport port-security mac-address 0060.474a.8d1e

AND VOILATION CONFIGURE IS SHUTDOWN SO WRITE A SHUTDOWN IN COMMANDS.

Switch(config-if)# switchport port-security Violation ?

Switch(config-if)# switchport port-security Violation shutdown
Switch(config-if)# switchport port-security maximum 1

"MAXIMUM MEANS THAT WHEN WE CONFIGURE MAXIMUM NUMBER IS 2 EVER JUST 2 HOST CONNECTING WITH HIS  INTER FA0/1  PORTS.

WHEN HIS NUMBER ENTER 3 JUST 3 HOST ATTACHED HIS PORT."

GO TO ENABLE MODE OF SWITCH (0) AND ENTER COMMANDS.

Switch# sh port-security interface fa0/1


Switch# sh port-security address


AFTER THIS WHEN YOU WILL CONNECT PC-1 CABLE WITH ATTACK LAPTOP AND YOU WILL ASSIGN IP ADDRESS TO THAT  THEN THAT CABLE WILL AUTOMATICALLY SHUTDOWN.

______________

 GO  TO SWITCH 1

CONFIGURE PORT SECURITY FROM SWITCH (1) CONFIGURATION MODE AND ENTER HIS COMMANDS.


Switch(config)# inter fa0/2
Switch(config-if)# switchport mode access 
Switch(config-if)# switchport port-security 
Switch(config-if)# switchport port-security mac-address ?

WE ARE CONFIGURING THE DYNAMIC LOG SO WE HAVE TO WRITE THE MAC-ADDRESS OF THE PC.

Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# switchport port-security Violation shutdown
Switch(config-if)# switchport port-security maximum 5

GO TO ENABLR MODE SWITCH  (1)

Switch# sh port-security

WHEN YOU PLUG THE  ATTACKER LAPTOP WITH ANY PORT OF SWITCH 1 AND ASSIGN AN IP ADDRESS TO THE LAPTOP, THEN THAT LAPTOP WILL NOT BE ABLE TO COMMUNICATE WITH YOUR NETWORK IN ANY WAY.

ATTAKER PING PC-3


_________________________












Comments

Post a Comment

Popular posts from this blog

About Me Information

HELLO FRIENDS, I HOPE YOU ALL ARE DOING WELL. I AM MAKING THIS BLOG FOR THE INFORMATION OF NETWORKING ABOUT. IN THIS BLOG WE WILL READ CCNA (200-301) AND ITS RELATED AND NETWORK RELATED INFORMATION. MY NAME IS ABDUL MANAN JAVED MANJ MY AGE IS 21 YEAR    I AM STUDED ABOUT NETWORK  TECHNOLOGY EMAIL ID : mananrajpoot449@gmail.com CONTACT NO : +923486777628 ADDRESS : ISLAMABAD,G7,KHADA MARKET My Website   My Facebook Account My Facebook Page My Linkedin Profile _____________________________ CONTENT ABOUT  HIS BLOGG 1.  Computer Network 2.   What Is Internet 3.   Network Architecture 4.  Osi Refrence Model 5.  Operating System 6.  Internet Protocol (Ip) 7.  Internet Protocol Types 8.   Port Number 9.  Mac-Address 10.    WHAT IS HUB 11.   WHAT IS SWITCH 12.   WHAT IS ROUTER 13.   WHAT IS NETWORK 14.   NETWORK CABLES 15.   ROUTING 16.  Data Transmission 17...
Post a Comment
Read more

CSST COURSE 1.0

Q1. WHAT IS A ADDRESSING. Network addressing is like a two-part delivery system:   Logical Addressing (IP): This is like your permanent address (e.g., 192.168.1.1) that lets data find your device anywhere on the internet. Physical Addressing (MAC): Think of this as a unique ID for your device's network card (AA:BB:CC:DD:EE:FF) used for local delivery within your network. Q2. WHAT IS A PACKET AND FRAME . Packets: Layer: Network Layer (Layer 3) Content: The actual data you want to send, like an email, a video, or website information. Addressing: Contains logical addresses (IP addresses) to identify the sender and receiver on the network. Size: Can vary depending on the data type, but generally larger than frames. Travels across networks: Packets can travel across different networks, like the internet, as they are routed based on IP addresses. Frames: Layer: Data Link Layer (Layer 2) Content: The packet wrapped with additional information for local deliver...
Post a Comment
Read more

DOS AND DDOS ATTACK

A Dos (Denial-Of-Service) Attack and A DDOS (Distributed Denial-Of-Service) Attack Are Both Attempts to Make a Computer System or Network Resource Unavailable to Legitimate Users. However, They Differ in How They Achieve This: Dos Attack: Imagine A Single Person Throwing Rocks at A Castle Gate. A This Person Represents the Attacker, And the Rocks Represent the Malicious Traffic. The Castle Gate Represents the Target System or Network Resource. The Attacker Keeps Throwing Rocks, Trying to Overwhelm the Gate's Defenses and Gain Entry. Dos Attacks Are Typically Launched from A Single System. They Can Be Effective Against Small Systems or Networks, But Larger Systems Can Often Withstand Them. DDos Attack: Imagine An Army Throwing Rocks at A Castle Gate. This Army Represents the Attacker, And the Rocks Represent the Malicious Traffic. The Castle Gate Represents the Target System or Network Resource. The Attackers Coordinate Their Attack, Throwing Rocks from Multiple Directions at Once. ...
Post a Comment
Read more