![]() ![]() Since Cisco Switch closes the Gig0/0 interface, you must re-enable it. Reconnect the PC1 to interface 0/0 on the L2 Switch. Unplug the cable to connect the PC1 computer to the L2 Switch again. ![]() PC3 could not access the network environment due to Port-Security. Likewise, when you check the interface states by running the show ip interface brief command on the L2, you can see that the GigabitEthernet0/0 interface closed. When you run the show port-security command on the Layer 2 Switch, check for a violation on Gig0/0. Immediately after this notification, the Switch will close the corresponding port. In the log above you can see that there is a security breach on GigabitEthernet0/0. *May 26 23:04:00.693: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down *May 26 23:03:59.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down *May 26 23:03:58.697: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.7966.6802 on port GigabitEthernet0/0. *May 26 23:03:58.687: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/0, putting Gi0/0 in err-disable state Since there is a violation in the switch’s console, log records will appear as follows ![]() When you ping from PC3 to PC2, you will receive the host unreachable message as follows. In this interface, PC1 was connected, and check what happens when you connect PC3 to it. When you click L2 Switch, select the Ethernet0/0 interface. Now, right-click to remove the cable between PC1 and L2 Switch and click Delete.Ĭlick the wiring option to connect the VPCS PC3 to the L2 Switch. Pinging from PC2 to VLAN1 will also be successful.Īfter enabling PS, add another VPCS to the workspace to test whether this feature works.Ĭonfigure the IP settings of the VPCS PC3 as follows. The test will also be successful if you Ping the IP address of the VLAN1 from the computers. The switch has recorded the MAC addresses of PC1 and PC2 in the table and will compare it with the MAC addresses here in case of any violation. Pinging from PC2 to PC1 will also be successful.Īfter the Ping operation between computers, the MAC address table on the Cisco Switch updated. You can examine the Port related information and violations by applying the “ show port-security interface gigabitethernet 0/0” command on the L2 Switch.Īfter configuring PS, ping from PC1 to PC2 to test the connection between the PCs. ![]() The SecurityViolation section will appear as 0 since no attacks are currently taking place. Otherwise, the Cisco Switch interface will not be set to Access Port!īy running the show port-security command in privileged mode on the Cisco Switch, you can check for any violations on the interfaces. Set the Cisco Switch’s interface from Dynamic mode to Access mode with the “ Switchport Host” command. Switch(config)#interface gigabitethernet 0/1 Switch(config-if)#switchport port-security violation shutdown Switch(config-if)#switchport port-security maximum 1 Switch(config-if)#switchport port-security mac-address sticky Switch(config-if)#switchport port-security Switch(config)#interface gigabitethernet 0/0 Enter configuration commands, one per line. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |