Tweet
Lab: Configuring switch Access port security
Lab Objective:
The objective of this lab exercise is to configure basic switch security to prevent MAC address flooding on switch ports. This is accomplished by limiting the number of MAC entries that are allowed to be learned on a port. By default, there is no limit on MAC addresses that can be learned on a port.
Lab Purpose:
Port security is a fundamental skill. A Common Denial of Service technique used to cripple switched networks is MAC flooding. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure port security to mitigate MAC flooding attacks.
Certification Level:
This lab is suitable for CCNA certification exam preparation
Lab Difficulty:
This lab has a difficulty rating of 8/10
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes
Lab Topology:
Please use the following topology to complete this lab exercise:
Task 1:
Configure a hostname of Sw1 on your lab switch, and the hostname R1 on the router as illustrated in the topology.
Task 2:
Create VLAN 10 on switch Sw1 and assign port FastEthernet0/2 to this VLAN as an access port.
Task 3:
Configure IP address 10.0.0.1/30 on router R1's FastEthernet0/0 interface, and IP address 10.0.0.2/30 in switch Sw2's VLAN 10 interface. Verify that R1 can ping Sw1 and vice versa.
Task 4:
Configure port security on port FastEthernet0/2 on switch Sw1 so that only 1 MAC address is allowed to be learned on that interface. In the event of port security configuration violations, where more than 1 MAC address is observed on that interface, the switch should shut the interface down. Verify your configuration with port security commands in Cisco IOS.
The objective of this lab exercise is to configure basic switch security to prevent MAC address flooding on switch ports. This is accomplished by limiting the number of MAC entries that are allowed to be learned on a port. By default, there is no limit on MAC addresses that can be learned on a port.
Lab Purpose:
Port security is a fundamental skill. A Common Denial of Service technique used to cripple switched networks is MAC flooding. As a Cisco engineer, as well as in the Cisco CCNA exam, you will be expected to know how to configure port security to mitigate MAC flooding attacks.
Certification Level:
This lab is suitable for CCNA certification exam preparation
Lab Difficulty:
This lab has a difficulty rating of 8/10
Readiness Assessment:
When you are ready for your certification exam, you should complete this lab in no more than 15 minutes
Lab Topology:
Please use the following topology to complete this lab exercise:
Task 1:
Configure a hostname of Sw1 on your lab switch, and the hostname R1 on the router as illustrated in the topology.
Task 2:
Create VLAN 10 on switch Sw1 and assign port FastEthernet0/2 to this VLAN as an access port.
Task 3:
Configure IP address 10.0.0.1/30 on router R1's FastEthernet0/0 interface, and IP address 10.0.0.2/30 in switch Sw2's VLAN 10 interface. Verify that R1 can ping Sw1 and vice versa.
Task 4:
Configure port security on port FastEthernet0/2 on switch Sw1 so that only 1 MAC address is allowed to be learned on that interface. In the event of port security configuration violations, where more than 1 MAC address is observed on that interface, the switch should shut the interface down. Verify your configuration with port security commands in Cisco IOS.