- #LAYER 2 SECURITY PACKET TRACER ACTIVITY VERIFICATION#
- #LAYER 2 SECURITY PACKET TRACER ACTIVITY MAC#
#LAYER 2 SECURITY PACKET TRACER ACTIVITY MAC#
The number of MAC addresses on any single port has to be reduced. To secure any port, the user has to follow these two steps: If the network of the organization is secure, the feature used to control all such switch ports is called Port Security. This can result in a number of attacks such as a DOS attack on layer two or an address spoofing attack. In this case, Ethernet LANs are very weak as all their switch ports can be used by anyone. It is quite easy for any hacker or attacker to access a network incorrectly when they are able to enter the network. Shutdown:-Puts the interface into the error-disabled state immediately and sends a trap notification. But in this mode, switch will make a log entry and generate a violation alert and the violation counter increments. Restrict: - In restrict mode frames from non-allowed address would be dropped. Protect:-The PFC (Policy Feature Card ) drops packets with unknown source addresses until you remove a sufficient number of secure MAC addresses to drop below the maximum value. Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action S1# show port-security interface fastEthernet 0/2 S1# show port-security interface fastEthernet 0/1 S1(config-if)# switchport port-security violation shutdown S1(config-if)# switchport port-security mac-address sticky S1(config-if)# switchport port-security maximum 1 Why PC2 is able to ping PC1, but the Rouge Laptop is not?. 
Disconnected Rouge Laptop and reconnect PC2 verify PC2 can PC1.Display the port security violations for the port Rouge Laptop is connected to.Verify that Rouge Laptop is unable to ping PC1. Disconnect PC2 and connect Rouge Laptop to PC2’s port.
#LAYER 2 SECURITY PACKET TRACER ACTIVITY VERIFICATION#
After verification shutdown the port connects to Rouge Laptop.
Enable the port and verify that Rouge Laptop can ping PC1 and PC2. Attach Rouge Laptop to any unused switch port and notice that the link lights are red. Verify port security is enabled and MAC address of PC1 and PC2 were added to the running configuration. Disable all the remaining unused ports, Hint: Use the range keyword to apply this configuration to all the ports simultaneously. Set the violation so that the Fast Ethernet ports 0/1 and 0/2 are not disabled when a violation occurs, but packets are dropped from and unknown source. 
Secure the ports so that the MAC address of a device is dynamically learned and added to the running configuration.Set the maximum so that only one device can access the Fast Ethernet ports 0/1 and 0/2.Access the command line for S1 and enable port security on Fast Ethernet ports 0/0 and 0/2.Port security allows you to restrict a port’s ingress traffic by limiting the MAC address that are allowed to send traffic into the port. In this activity, you will configure and verify port security on a switch.
0 kommentar(er)
