Overview

Introduction

The Configure, Verify and Troubleshoot Port Security module provides you with the instructions and Cisco hardware to develop your hands-on skills in configuring and verifying port security features and functionality. This module includes the following activities:

  • Activate port security and configure static and dynamic secure MAC addresses
  • Configure additional port security features including sticky MAC and violation actions
  • Examine and configure err-disable recovery

Exam Objectives

The following exam objectives are covered in this lab:

  • CS0-001 1.1: Given a scenario, apply environmental reconnaissance techniques using appropriate tools and processes
  • CS0-001 1.2: Given a scenario, analyze the results of a network reconnaissance
  • CS0-001 1.3: Given a network-based threat, implement or recommend the appropriate response and countermeasure

Exercise 1 - Static and Dynamic Port Security

Port security is a technology that allows you to block unknown devices from being connected to a specified switch port.

In this exercise, you will configure static and dynamic port security on NYCORE1, specifically on the port that is connected to the NYEDGE1 router.

Exercise 2 - Additional Port Security Configuration Settings

In this exercise, you will configure port security on NYCORE2 to block unknown MAC addresses from connecting to a specific switch port. In this example, there is a Cisco IP Phone connected to the FastEthernet 1/0/12 interface on this switch, as shown in the diagram below. You will configure the switch to refuse its connection. Your configuration will include additional parameters, including:

  • maximum number of MAC addresses
  • sticky MAC addresses
  • configuring violation modes

Exercise 3 - Configuring Err-disable Recovery

When a port security violation occurs that results in a port shutting down, the port goes into an err-disabled state. To recover from this state, you must log in to the switch, shut down the interface and bring it back up.

To avoid such a procedure, it is possible to configure the port so that the err-disable state is not permanent. The interface can automatically be brought back up after a specified amount of time.

In this exercise, you will configure err-disable recovery that will provide such a function.
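The settings named in Exercises 2 and 3, combined in one Cisco IOS configuration sketch. This is an added example, not the lab's own configuration: the interface is the one mentioned in Exercise 2, while the maximum of 1 address, the shutdown violation mode and the 300-second interval are assumed values chosen for illustration.

```cisco
! Added example (not from the lab guide). Values marked "assumed" are illustrative.
!
interface FastEthernet1/0/12
 ! Port security applies to a static access (or trunk) port, not a dynamic one
 switchport mode access
 ! Activate port security on the interface
 switchport port-security
 ! Assumed: allow a single secure MAC address on this port
 switchport port-security maximum 1
 ! Learn the first address dynamically and keep it in the running configuration
 switchport port-security mac-address sticky
 ! Assumed: shutdown mode, so a violation puts the port into err-disabled.
 ! The alternatives, protect and restrict, drop offending frames but leave
 ! the port up, so they never trigger err-disable recovery.
 switchport port-security violation shutdown
!
! Global configuration: let the switch re-enable ports that were
! err-disabled by a port security violation, instead of requiring a
! manual shutdown / no shutdown on the interface.
errdisable recovery cause psecure-violation
! Assumed: retry after 300 seconds
errdisable recovery interval 300
!
! Verification, from privileged EXEC mode:
!   show port-security interface FastEthernet1/0/12
!   show errdisable recovery
```

If the unknown device is still attached when the timer expires, the port comes up, sees the same violation and is err-disabled again, so automatic recovery shortens the outage but does not replace investigating the cause.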
