Switching and Port Security
Published on: Mar 4, 2016
Port Security in Switching
• Device that forwards data from input/output ports towards its
• network hubs, home routers and network bridges are called
• It does not need to be configured.
• Plug and play devices.
• Nodes connected through links and differentiated by MAC
• Maintains a forwarding table that contains link number and MAC
• The table is cleared when the switch is off.
• Location on switch where devices are connected.
• Devices may be computers, printers, games, etc.
• The number of ports varies between devices.
• Rectangular openings a bit bigger than a phone cord.
• have a single port called an uplink or (WAN) port, but the rest
are switch ports
• switch port allows connected devices to talk to each other in
Switch port Security
• Feature in switches to secure the network
• Limits the number of devices on switch ports
• Uses MAC addresses for the limitation
Types of port security
• Port Security With Dynamic MAC Addresses
• Port Security With Static MAC Addresses
• Port Security With Sticky MAC Addresses
Port Security With Dynamic MAC
• Dynamically configure secure mac addresses of devices
connected to port.
• Addresses will be stored in address table.
• Doesn’t forward traffic of unspecified devices
• Addresses will be lost when the switchport goes down or
Port Security With Static MAC
• Secure MAC addresses are statically configured on each
• Stored in the address table.
• Static configuration is stored by default in port Security.
• The address table can be made permanent by saving the addresses to
the startup configuration.
Port Security with Sticky MAC
• Sticky secure MAC addresses are a hybrid
• Dynamically learned from the devices connected to the
• Addresses are put into the address table AND are entered into
the running configuration as a static secure MAC address
• MAC addresses will be lost unless saved to the
• A violation happens when a person breaks a law or does
something that isn’t allowed.
• Default switch port security mode
• Port will be taken out of service
• errDisable mode will be activated
• Manually removed from the state
• switchport will permit traffic from known MAC addresses
• Drops traffic from unknown MAC addresses.
• No notification messages for violations
• the switchport will permit traffic from known MAC addresses
• drop traffic of unknown MAC addresses.
• Sends notification messages when a violation occurs.
Causes of a Switchport Violation
Two situations cause a switch port violation:
• When the maximum number of secure MAC addresses has been added to the
address table and traffic from an unknown MAC address is
received on the switchport.
• When an address that has been seen on a secure switchport
has already been seen on another secure switchport in the
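
The two violation causes and the three violation behaviours described above can be modelled in a few lines. This is an added example, not code from the original slides; the mode names "shutdown", "restrict" and "protect" are the usual Cisco IOS names and are an assumption here, and the class, port names and MAC addresses are constructed for illustration.

```python
# Toy model of one secure switchport (added illustration, not vendor code).
# Mode names are assumed: the slides describe the behaviours without naming them.
class SecurePort:
    MODES = ("shutdown", "restrict", "protect")

    def __init__(self, name, maximum, mode, registry):
        if mode not in self.MODES:
            raise ValueError("unknown violation mode: " + mode)
        self.name, self.maximum, self.mode = name, maximum, mode
        self.registry = registry      # shared map: secure MAC -> owning port name
        self.secure = set()           # secure MACs learned on this port
        self.err_disabled = False
        self.notifications = []

    def receive(self, src_mac):
        """Return 'forward' or 'drop' for a frame with this source MAC."""
        mac = src_mac.lower()
        if self.err_disabled:         # port is out of service
            return "drop"
        if mac in self.secure:        # known address: always permitted
            return "forward"
        owner = self.registry.get(mac)
        if owner is not None and owner != self.name:
            return self._violation(mac, "already secure on " + owner)
        if len(self.secure) >= self.maximum:
            return self._violation(mac, "maximum secure addresses reached")
        self.secure.add(mac)          # dynamic learning, room still left
        self.registry[mac] = self.name
        return "forward"

    def _violation(self, mac, reason):
        if self.mode != "protect":    # protect is the silent mode
            self.notifications.append(f"{self.name}: {mac} {reason}")
        if self.mode == "shutdown":   # default mode: port goes errDisable
            self.err_disabled = True
        return "drop"

    def manual_recover(self):
        """An administrator takes the port out of the errDisable state."""
        self.err_disabled = False

def demo():
    reg = {}                          # constructed sample MACs (documentation range)
    p = SecurePort("Fa0/1", maximum=2, mode="restrict", registry=reg)
    frames = ["00:00:5e:00:53:01", "00:00:5e:00:53:02", "00:00:5e:00:53:03"]
    return [p.receive(m) for m in frames], p.notifications

if __name__ == "__main__":
    print(demo())
```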