Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Cisco switchport port-security

Posted on 2014-09-09
4
Medium Priority
?
359 Views
Last Modified: 2014-09-11
For the catalyst switch, what do the following commands do?

int fa0/3

...

switchport port-security

switchport port-security violation restrict

...

spannig-tree bpduguard enable

spanning-tree portfast

Thanks
0
Comment
Question by:leblanc
  • 3
4 Comments
 
LVL 13

Accepted Solution

by:
Bryant Schaper earned 2000 total points
ID: 40312586
switchport port-security - mac security at the port, only mac listed have access
switchport port-security violation restrict - one of the violiation methods of port-security, restrict is an admin notification in the log
spannig-tree bpduguard enable - BPDU Guard is designed to protect your switching network. Remember that a Port-fast port is designed to be connected to a device where BPDU’s aren’t expected. This could be a end user device, server or access-point.  When an unexpected BPDU is detected (an end-user wants to plug in a switch in his cubicle) the port will shutdown and enter a err-disable state.
spanning-tree portfast - for access ports, Portfast minimizes the time it takes for the server or workstation to come online
0
 
LVL 1

Author Comment

by:leblanc
ID: 40312594
If my fa0/3 is a trunk, do I need those commands there?
0
 
LVL 13

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 2000 total points
ID: 40312607
I would not use any of those commands, actually they will cause more problems, loopbacks, and also the security could shutdown the port.  I would only use them on access ports.
0
 
LVL 13

Assisted Solution

by:Bryant Schaper
Bryant Schaper earned 2000 total points
ID: 40312609
Spanning tree portfast would cause a loopback

bpduguard would shutdown the port if it senses another switch via bpdu packets
0

Featured Post

Get Certified for a Job in Cybersecurity

Want an exciting career in an emerging field? Earn your MS in Cybersecurity and get certified in ethical hacking or computer forensic investigation. WGU’s MSCSIA degree program was designed to meet the most recent U.S. Department of Homeland Security (DHS) and NSA guidelines.  

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Arrow Electronics was searching for a KVM  (Keyboard/Video/Mouse) switch that could display on one single monitor the current status of all units being tested on the rack.
Compliance and data security require steps be taken to prevent unauthorized users from copying data.  Here's one method to prevent data theft via USB drives (and writable optical media).
NetCrunch network monitor is a highly extensive platform for network monitoring and alert generation. In this video you'll see a live demo of NetCrunch with most notable features explained in a walk-through manner. You'll also get to know the philos…
Monitoring a network: how to monitor network services and why? Michael Kulchisky, MCSE, MCSA, MCP, VTSP, VSP, CCSP outlines the philosophy behind service monitoring and why a handshake validation is critical in network monitoring. Software utilized …
Suggested Courses

877 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question