A very important part of securing an organizational network involves the Layer 2 parts of the network, specifically the switches. Many people tend to ignore the security vulnerabilities that can be exploited at Layer 2, but these devices are just as vulnerable as higher-layer devices; they are just attacked in different ways. This article takes a look at these potential threats and at the different techniques and configurations that can be used to avoid them. It should be noted that this article is not intended to show all possible switch security methods but simply to highlight the most commonly referenced.

The simplest form of switch security is port-level security. When using port-level security, the MAC address(es) and/or the number of MAC addresses of the connected devices is controlled. There are three different ways that MAC addresses can be configured onto a port:

A statically configured MAC address is rather simple; a single MAC address is configured to be allowed on a port:

```
router#configure terminal
router(config)#interface <interface>
router(config-if)#switchport port-security mac-address <mac-address>
```

A dynamic MAC address is one that is learned on an interface and is held in the Content-Addressable Memory (CAM) table until it times out (5 minutes); these are enabled by default.

A sticky address is dynamically learned and then immediately converted into a sticky secure MAC address; this "sticks" the specific MAC address to this port alone. Sticky MAC addresses are lost on reboot unless the running configuration is saved.

```
router#configure terminal
router(config)#interface <interface>
router(config-if)#switchport port-security mac-address sticky
```

Along with configuring these different types of MAC address, a port can also be configured with a maximum number of allowed learned MAC addresses (the default is one):

```
router#configure terminal
router(config)#interface <interface>
router(config-if)#switchport port-security maximum <maximum>
```

If a port security violation should occur, there are three different methods that can be configured based on the intended device reaction:

Protect: When using this method, the packets from the unknown source addresses will be dropped.

Restrict: When using this method, the packets from the unknown source addresses will be dropped, the security violation counter will be incremented, and a management message will be sent.

Shutdown: When using this method, the port will shut down upon receipt of packets from unknown addresses, the security violation counter will be incremented, and a management message will be sent.

```
router#configure terminal
router(config)#interface <interface>
router(config-if)#switchport port-security violation {protect | restrict | shutdown}
```
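
The three violation modes and the maximum-address limit described above can be compared side by side with a small Python model. This is an added example, not code from the original article and not how the switch software is implemented; `SecurePort`, `replay` and the sample MAC addresses are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    """Toy model of one switch port with port security enabled."""
    violation: str                      # "protect", "restrict" or "shutdown"
    maximum: int = 1                    # the article's stated default
    secure_macs: set = field(default_factory=set)
    violations: int = 0                 # security violation counter
    messages: list = field(default_factory=list)  # management messages
    up: bool = True

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        if self.violation not in ("protect", "restrict", "shutdown"):
            raise ValueError(f"unknown violation mode: {self.violation}")
        if not self.up:
            return False                # port was shut down earlier
        mac = src_mac.lower()
        if mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(mac)   # learned while below the maximum
            return True
        if self.violation == "protect":
            return False                # dropped, nothing recorded
        self.violations += 1
        self.messages.append(f"security violation: {mac}")
        if self.violation == "shutdown":
            self.up = False
        return False

# Constructed sample traffic (RFC 7042 documentation MAC addresses).
FRAMES = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:01"]

def replay(mode, frames=FRAMES, maximum=1):
    """Feed frames to a fresh port; return (forwarded, counter, port_up)."""
    port = SecurePort(violation=mode, maximum=maximum)
    forwarded = [port.receive(mac) for mac in frames]
    return forwarded, port.violations, port.up

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        print(mode, replay(mode))
```

With the default maximum of one, the second address triggers the violation in every mode, but only shutdown also blocks the original, legitimate device afterwards.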