Les tutoriels d'Enrico 78 Watch on YouTube

Comment sécurisé les ports des Switch

2 min read 11 months ago
Published on Sep 19, 2024 This response is partially generated with the help of AI. It may contain inaccuracies.

Table of Contents

Introduction

This tutorial will guide you through the process of securing ports on Cisco switches using the "Port-security" feature. By limiting access to specific MAC addresses, you can enhance network security and prevent unauthorized access. This is particularly useful in environments where sensitive data is handled.

Step 1: Understanding MAC Addresses

  • Definition: A MAC (Media Access Control) address is a unique identifier assigned to a network interface for communications on the physical network segment. It is akin to a home address for devices on a network.
  • Importance: Knowing how to manage MAC addresses is crucial for securing switch ports.

Step 2: Accessing the Switch Configuration

  • Connect to your Cisco switch using a console cable or SSH.
  • Enter privileged EXEC mode by typing:
    enable
  • Enter global configuration mode:
    configure terminal

Step 3: Enabling Port Security

  • Navigate to the interface you want to secure. For example, if you want to secure interface FastEthernet 0/1, use:
    interface FastEthernet0/1
  • Enable port security:
    switchport port-security

Step 4: Configuring MAC Address Security

You can configure port security in two ways:

Option 1: Manually Adding MAC Addresses

  • Specify the allowed MAC address:
    switchport port-security mac-address [MAC_ADDRESS]
    Replace [MAC_ADDRESS] with the actual MAC address you want to allow.

Option 2: Dynamically Learning MAC Addresses

  • Allow the switch to learn the MAC address of the first device that connects:
    switchport port-security mac-address sticky
  • This command automatically saves the MAC address of the device that sends its first frame to that port.

Step 5: Setting Port Security Violation Actions

  • Decide what happens if a violation occurs. You can choose to:

    • Shutdown the port (default behavior)
    • Restrict the port (only allow known MACs)
    • Protect the port (drop packets from unknown MACs)

  • Example command to shut down the port on violation:

    switchport port-security violation shutdown

Step 6: Verifying Port Security Configuration

  • Exit back to privileged EXEC mode:
    end
  • Use the following command to check the port security status:
    show port-security interface FastEthernet0/1

Conclusion

By following these steps, you have successfully secured the ports on your Cisco switch using the Port-security feature. Remember to regularly monitor and update your MAC address lists as devices connect and disconnect from your network. For further learning, consider exploring additional security features offered by Cisco switches.

Table of Contents

Recent