Port-Security is one of those features that goes with you through your career as a Cisco network engineer from CCENT all the way up through the CCIE. Of course, at each level of expertise, you uncover a little bit more about this particular feature. In this article we will examine port-security and all the various features that go with it. Originally, I wanted this article to be quite basic, but things just kept building up and it has become quite an advanced article more suited to a CCNP or CCIE candidate.

Port-security is a layer 2 security feature on switches that gives us a little more control over what is allowed to connect to our switch ports from a layer 2 perspective. This feature allows us to secure a switch to a certain degree by limiting the number of MAC addresses seen on individual switch ports as well as limiting the specific MAC addresses allowed on individual switch ports. The feature is useful for many things including mitigating a CAM table overflow attack, enforcing a policy of not allowing rogue hubs and switches to be connected to your network, and generally just for having more control over what specifically is connecting to your network edge. When you configure port-security, you are configuring ports as secure ports. Secure ports are really defined by two fundamental things - secure MAC addresses and the maximum number of secure addresses you can have on a port at any given time. There is also aging, but that is disabled by default. We’ll talk about aging later on in this article. The secure MAC addresses are either manually defined or dynamically learned by the switch.
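
The two settings that define a secure port, as a Cisco IOS configuration with one manually defined address and one port left on defaults. This is an added example, not taken from the original article; the interface names and the MAC address (from the documentation range) are constructed.

```cisco
! Port with one manually defined secure address and room for one
! dynamically learned address.
interface GigabitEthernet0/1
 ! Port-security is rejected on dynamic (DTP-negotiating) ports,
 ! so set the mode statically first.
 switchport mode access
 ! Raise the limit from the default of 1 secure address.
 switchport port-security maximum 2
 ! Manually defined secure MAC address (constructed value).
 switchport port-security mac-address 0000.5e00.5301
 ! Enable the feature; the remaining slot is learned dynamically.
 switchport port-security
!
! Port that relies entirely on defaults: maximum of 1 secure address,
! learned dynamically from the first source MAC seen, aging disabled.
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security
end
!
! Verify the limit, the current address count and the aging settings.
show port-security interface GigabitEthernet0/1
! List secure addresses and whether each was configured or learned.
show port-security address
```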