Tuesday, June 18, 2019

How To Enable Or Disable Port Security On A Cisco Switch

Enabling Port Security


Enabling port security with sticky MAC addresses is an easy way to add some security to your network. It associates a device (PC, printer, etc.) with a port on the switch by the device's MAC address. The specified device will be assigned an IP address and function normally, but any other device plugged into the same port will not be assigned an IP address and will not function on the network.

To begin, telnet into the switch and input the password.

Type "en" or "enable" and put in the password again.

The ">" prompt should now change to "#".

Type in "config t" and press enter. This will change the prompt to (config)#

Specify the port you wish to change. For example, "int fa0/5" would specify port 5 on the switch. The prompt should now read (config-if)#

Enter in the following commands:

switchport mode access
switchport port-security
switchport port-security violation protect
switchport port-security mac-address sticky

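The port will now only grant network access to the device currently plugged into it (based on its MAC address). Any other device plugged into it will not be assigned an IP address until the security on the port is released. With the violation mode set to "protect", the switch drops the other device's frames silently and does not notify you that a violation occurred.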

From the (config-if)# prompt, type "exit"

From the (config)# prompt, type "exit"

Verify that the device is currently working.

At the # prompt, type "copy running-config startup-config". This will save the change.
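To check the result across many ports, the following Python sketch audits a saved copy of the running configuration for the four commands entered above. It is an added example, not part of the original post; the function names and the sample configuration are constructed for illustration. It also catches the case where the sticky or violation lines are present but the bare "switchport port-security" line that actually turns the feature on is missing.

```python
# The four interface commands this post enters to lock a port down.
REQUIRED = (
    "switchport mode access",
    "switchport port-security",
    "switchport port-security violation protect",
    "switchport port-security mac-address sticky",
)

# Constructed sample of "show running-config" output (not from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/5
 switchport mode access
 switchport port-security
 switchport port-security violation protect
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0011.2233.4455
!
interface FastEthernet0/6
 switchport mode access
 switchport port-security mac-address sticky
!
interface FastEthernet0/7
 switchport mode access
!
interface GigabitEthernet0/1
 switchport mode trunk
!
"""

def parse_interfaces(config):
    """Return {interface name: [its indented sub-commands]}."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = interfaces.setdefault(line.split()[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:
            current = None  # "!" or a global command closes the stanza
    return interfaces

def audit_port_security(config):
    """Map each access port to the commands from the post it is missing."""
    findings = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue  # trunk ports are outside this procedure
        findings[name] = [cmd for cmd in REQUIRED if cmd not in lines]
    return findings
```

An empty list for a port means all four commands are present; FastEthernet0/6 in the sample is reported because sticky learning is configured but port security itself was never enabled.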

Disabling Port Security


Disabling port security is necessary to plug a new device into the switch. Port security will be disabled, the new device will be plugged in (and allowed to obtain an IP address), and then port security will be enabled again.

To disable port security, follow the same steps as for enabling, with one exception. After specifying the port to make changes to, the following commands will be entered:

no switchport port-security
no switchport port-security violation protect
no switchport port-security mac-address sticky
no switchport mode access

These are the same commands as were used to enable port security, with the addition of "no" in front of each line. This tells the switch not to use the security options. 
