Configure Verify and Troubleshoot Port Security
Welcome to the Configure, Verify and Troubleshoot Port Security Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.

Introduction
Welcome to the Configure, Verify and Troubleshoot Port Security Practice Lab. In this module you will be provided with the instructions and devices needed to develop your hands-on skills.
Learning Outcomes
In this module, you will complete the following exercises:
- Configure Static and Dynamic Port Security
- Configure Additional Port Security Configuration Settings
- Configure Err-disable Recovery
After completing this lab, you will be able to:
- Configure static port security
- Configure dynamic port security
- Configure Additional Port Security Configuration Settings
- Configure Err-disable Recovery
Exam Objectives
The following exam objectives are covered in this lab:
- CAS-003 2.1 Analyze a scenario and integrate network and security components, concepts and architectures to meet security requirement.
- CAS-003 2.2 Analyze a scenario to integrate security controls for host devices to meet security requirements.
- CAS-003 3.1 Given a scenario, conduct a security assessment using the appropriate methods.
- CAS-003 4.1 Given a scenario, integrate hosts, storage, networks and applications into a secure enterprise architecture.
Lab Duration
It will take approximately 1 hour to complete this lab.
Exercise 1 - Configure Static and Dynamic Port Security
Port security is a technology that allows you to block unknown devices from being connected to a specified switch port.
In this exercise, you will configure static and dynamic port security on NYCORE1, specifically, on the port that is connected to the NYEDGE1 router.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure static port security
- Configure dynamic port security
Exercise 2 - Configure Additional Port Security Configuration Settings
In this exercise, you will configure port security on NYCORE2 to block unknown MAC addresses from connecting to a specific switch port. In this example, there is a Cisco IP Phone connected to FastEthernet 1/0/12 interface on this switch as shown in the diagram below.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure Additional Port Security Configuration Settings
Exercise 3 - Configuring Err-disable Recovery
When a port security violation occurs that results in a port shutting down, the port goes into an err-disabled state. In order to recover from such a situation, you must go into the switch, shut down the interface and bring it back up.
To avoid such a procedure, it is possible to configure the port so that the err-disable state is not permanent. The interface can automatically be brought back up after a specified amount of time.
In this exercise, you will configure err-disable recovery that will provide such a function.
Learning Outcomes
After completing this exercise, you will be able to:
- Configure Err-disable Recovery
See the full benefits of our immersive learning experience with interactive courses and guided career paths.