April 28, 2007

Why Port Security?

Port security can be the best method of security in case you do not have physical control of your devices at the location. Port security lets only a defined address or group of addresses access the switch, securing your network from physical attacks.

Secured ports restrict a port to a user-defined group of stations. When you assign secure addresses to a secure port, the switch does not forward any packets with source addresses outside the defined group of addresses. If you define the address table of a secure port to contain only one address, the workstation or server attached to that port is guaranteed the full bandwidth of the port. As part of securing the port, you can also define the size of the address table for the port.

Command to enable port security

In config mode, use the following command to enable port security:

switchport port-security

To define the maximum number of allowed MAC addresses:

switchport port-security maximum max_addrs

To set the security violation action:

switchport port-security violation {shutdown | restrict | protect}
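
To check that the commands above were actually applied, here is an added example (not from the original post) that audits interface stanzas for access ports where port security is missing or set to protect. The sample config and function names are constructed for illustration, and it assumes access ports carry an explicit "switchport mode access" line.

```python
# Constructed sample of running-config interface stanzas (not from the page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation protect
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def parse_interfaces(config):
    """Map each interface name to the list of commands in its stanza."""
    stanzas, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = raw.split(None, 1)[1].strip()
            stanzas[current] = []
        elif raw.startswith(" ") and current is not None:
            stanzas[current].append(raw.strip())
        else:
            current = None  # "!" or any global line ends the stanza
    return stanzas

def audit_port_security(config):
    """Return {interface: [findings]} for access ports only."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode access" not in cmds:
            continue  # trunks and routed ports are out of scope here
        issues = []
        if "switchport port-security" not in cmds:
            # maximum/violation lines alone do not enable the feature
            issues.append("port security not enabled")
        if "switchport port-security violation protect" in cmds:
            issues.append("protect mode drops frames without notification")
        if issues:
            findings[name] = issues
    return findings

if __name__ == "__main__":
    for port, issues in audit_port_security(SAMPLE_CONFIG).items():
        print(f"{port}: {'; '.join(issues)}")
```

FastEthernet0/3 is flagged twice: it has maximum and violation lines but never the bare enable command, so the feature stays off on that port.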

April 1, 2007

Configuring Switch ports in Campus Environments

Last week, I saw my colleague doing something pretty weird and that kind of initiated me to write this tip, which I thought was not a tip initially. Due to a large deployment of 6500 48-port 10/100 cards, we need to assign VLANs to probably different sets of ports. I saw my colleague getting into each interface and then configuring the VLAN with the switchport access vlan command. I realised that most of us are not aware of a cool Cisco command to configure similar interfaces in a single go. Here is the command.

In a large switch environment, to configure all or multiple interfaces on a switch with the same configuration parameters, do the following:

Switch(config)# interface range [ interface { port range } ]

For example:

Switch(config)#interface range fastEthernet 0/1 - 30

To configure different ports with the same configuration:

Switch(config)#int range fa0/1 , fa0/12 , fa0/13

