Switching and Port Security
GROUP MEMBERS
USMAN IMRAN/16237
ADNAN SAFDAR/17539
PRESENTATION OF
TELECOMMUNICATION SWITCHING
Port Security in Switching
WHAT IS A SWITCH?
• Device that forwards data from input/output ports towards its destination.
• Network hubs, home routers and network bridges are called switches.
• It does not need to be configured.
• Plug and play devices.
• Nodes are connected through links and differentiated by MAC addresses.
• Maintains a forwarding table that contains link numbers and MAC addresses.
• The table is cleared when the switch is off.
Switch
Ports
• Location on switch where devices are connected.
• Devices may be computers, printers, games, etc.
• The number of ports varies between devices.
• Rectangular openings a bit bigger than a phone cord.
• Have a single port called an uplink (or WAN) port; the rest are switch ports.
• A switch port allows connected devices to talk to each other in parallel.
Switch port Security
• Feature in switches to secure the network
• Limits the number of devices on switch ports
• Uses MAC addresses to enforce the limit
Types of port security
• Port Security With Dynamic MAC Addresses
• Port Security With Static MAC Addresses
• Port Security With Sticky MAC Addresses
Port Security With Dynamic MAC Addresses
• Secure MAC addresses of devices connected to the port are configured dynamically.
• Addresses are stored in the address table.
• Traffic from unspecified devices is not forwarded.
• Addresses are lost when the switchport goes down or the switch reboots.
Port Security With Static MAC Addresses
• Secure MAC addresses are statically configured on each switchport.
• Stored in the address table.
• Static configuration is stored by default in port security.
• The addresses can be made permanent by saving them to the startup configuration.
Port Security with Sticky MAC Addresses
• Sticky secure MAC addresses are a hybrid
• Dynamically learned from the devices connected to the switchport
• Addresses are put into the address table AND are entered into the running configuration as a static secure MAC address
• MAC addresses will be lost unless saved to the startup configuration
Violation
• A violation happens when a person breaks a law or does something that isn’t allowed.
TYPES
• Shutdown
• Protect
• Restrict
Shutdown
• Default switch port security mode
• Port will be taken out of service
• errDisable mode will be activated
• The port must be manually removed from this state
Protect
• The switchport will permit traffic from known MAC addresses.
• Drops traffic from unknown MAC addresses.
• No notification messages for violations.
Restrict
• The switchport will permit traffic from known MAC addresses.
• Drops traffic from unknown MAC addresses.
• Sends notification messages when a violation has occurred.
Causes of a Switchport Violation
Two situations cause a switch port violation:
• When the maximum number of secure MAC addresses has been added to the address table and traffic from an unknown MAC address is received on the switchport.
• When an address that has been seen on a secure switchport has already been seen on another secure switchport in the same VLAN.
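
The two violation causes and the three violation modes above can be traced with a small model. This is an added example, not part of the original presentation and not switch vendor code; the class names, port labels and MAC addresses are hypothetical.

```python
# Added illustration: simplified model of the behaviour on the slides, not vendor code.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str                       # hypothetical port label
    maximum: int = 1                # limit on secure MAC addresses
    mode: str = "shutdown"          # shutdown | protect | restrict
    vlan: int = 1
    secure: set = field(default_factory=set)   # pre-fill for static entries
    err_disabled: bool = False
    notifications: list = field(default_factory=list)

class Switch:
    def __init__(self, ports):
        self.ports = {p.name: p for p in ports}

    def receive(self, port_name, mac):
        """Return 'forward' or 'drop' for a frame whose source address is mac."""
        port = self.ports[port_name]
        if port.err_disabled:
            return "drop"           # port stays out of service until recovered
        if mac in port.secure:
            return "forward"        # known secure address
        # Cause 2: address already secured on another secure port in the same VLAN.
        elsewhere = any(mac in p.secure for p in self.ports.values()
                        if p is not port and p.vlan == port.vlan)
        # Cause 1: the port's table is full and the address is unknown.
        full = len(port.secure) >= port.maximum
        if not elsewhere and not full:
            port.secure.add(mac)    # dynamic learning
            return "forward"
        cause = "seen on another secure port" if elsewhere else "table full"
        if port.mode == "shutdown":
            port.err_disabled = True
        elif port.mode == "restrict":
            # Only Restrict's notification is modelled, as the slides describe it.
            port.notifications.append(f"{port.name}: {mac} ({cause})")
        return "drop"               # protect: silent drop

    def recover(self, port_name):
        """Manual removal from the err-disabled state."""
        self.ports[port_name].err_disabled = False
```
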