120 Labs for Cisco CCNA 200-125 and CCENT Exams

Challenge Lab 8: Switchport Security

Lab Objective:

The objective of this lab exercise is for you to protect a switchport with port security.

Lab Purpose:

Configuring port security on switches is a very important CCNA exam topic. I can almost guarantee that you’ll be asked a question or be given a lab on it. Rather than watch a video solution, I have provided show runs and test commands where appropriate.

Certification Level:

This lab is suitable for both CCENT and CCNA certification exam preparation.

Lab Difficulty:

This lab has a difficulty rating of 6/10.

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 15 minutes.

Lab Topology:

Please use the following topology to complete this lab exercise:

Task 1:

Connect a PC to a switchport. Configure the port as an access port.

Task 2:

Configure the switchport as an access port and put it into VLAN 20. Assign IP address 10.0.0.2 to the VLAN 20 interface and set the switch's default gateway to the PC's IP address.

Task 3:

Configure port security on the switchport. Add a command to ensure that the switch adds the learned MAC address to the startup configuration file.

Task 4:

Optional: Change the MAC address on the PC using Packet Tracer or a physical device if you have a home lab. Now check that the port has been shut down.

Solution

Show Runs

Switch#show run
hostname Switch
!
spanning-tree mode pvst
!
interface FastEthernet0/1
 switchport access vlan 20
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.9AAA.C6D8   <-- this was learned by the switch, not manually entered.
!
interface FastEthernet0/2
!
interface Vlan1
 no ip address
 shutdown
!
interface Vlan20
 ip address 10.0.0.2 255.255.255.0
!
ip default-gateway 10.0.0.1

TEST:

Switch#show port-security int f0/1 
Port Security              : Enabled 
Port Status                : Secure-up 
Violation Mode             : Shutdown 
Aging Time                 : 0 mins 
Aging Type                 : Absolute 
SecureStatic Address Aging : Disabled 
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1 
Configured MAC Addresses   : 0 
Sticky MAC Addresses       : 1 
Last Source Address:Vlan   : 0004.9AAA.C6D8:20 
Security Violation Count   : 0

After changing the MAC address, you should see the following:

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down 

Switch#show port-security int f0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0004.9AAA.C6D9:20
Security Violation Count   : 1
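
The two outputs above differ in Port Status, Last Source Address and Security Violation Count. As an added example (not part of the original lab), the Python below parses `show port-security interface` output and compares the last source MAC with the sticky entry in the configuration; the function names are hypothetical and the sample text is abridged from the lab's own output.

```python
import re

# Abridged from the lab's output after the PC's MAC address was changed.
SHOW_AFTER = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 0004.9AAA.C6D9:20
Security Violation Count   : 1
"""
# Sticky entry as it appears in the lab's show run.
RUN_CFG = """\
interface FastEthernet0/1
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0004.9AAA.C6D8
"""
MAC = r"[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}\.[0-9A-Fa-f]{4}"

def parse_port_security(text):
    """Turn 'Field : value' lines into a dict and split out the last source MAC/VLAN."""
    fields = {}
    for line in text.splitlines():
        # Split on " : " so the ':' inside "Last Source Address:Vlan" stays in the key.
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    m = re.fullmatch(rf"({MAC}):(\d+)", fields.get("Last Source Address:Vlan", ""))
    fields["last_mac"] = m.group(1).lower() if m else None
    fields["last_vlan"] = int(m.group(2)) if m else None
    return fields

def sticky_macs(config):
    """MAC addresses the switch wrote into the configuration as sticky entries."""
    return {mac.lower() for mac in re.findall(rf"mac-address sticky ({MAC})", config)}

def audit(show_text, config):
    """Return findings for one interface (hypothetical helper, not a Cisco tool)."""
    f = parse_port_security(show_text)
    findings = []
    if f.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if f.get("Port Status") == "Secure-shutdown":
        findings.append("port was shut down by a violation")
    if int(f.get("Security Violation Count", 0)) > 0:
        findings.append(f"violation count is {f['Security Violation Count']}")
    if f["last_mac"] and f["last_mac"] not in sticky_macs(config):
        findings.append(f"last source {f['last_mac']} is not a sticky address")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SHOW_AFTER, RUN_CFG)))
```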
