Port Security - verification

October 1, 2020 - Reading time: 10 minutes

In our last tutorial we configured port security on a switch. Let’s verify the configuration:

switch0#show port-security

switch0#show port-security interface fa0/2

 

In the above screenshots the switch hasn’t learned any MAC address, even though the port is configured as sticky and Host1 is connected to it. This is because Host1 hasn’t sent any traffic yet. Now let’s ping our web server (Host0) from Host1:

Now let’s verify the port security settings on our switch again:

The MAC address of Host1 is now recorded in the Secure Mac Address Table. This shows that port security has been successfully configured.

Testing Port Security:

Now that we’ve verified the port security configuration on our switch, let’s test by connecting Host2 to the switch via interface fa0/2. In our lab, let’s disconnect Host1 from the switch and connect Host2 to the fa0/2 interface on the switch.

Now let’s ping Host0 from Host2:

The request times out. Now let’s view the port security state of the fa0/2 interface with the command:

switch0#show port-security interface fa0/2

Note that the port status is secure-down and the violation mode is shutdown. To bring the interface back up, either reconnect Host1 to the fa0/2 interface, or enter the interface, shut it down, and bring it back up with the commands:

switch0(config)#interface fa0/2
switch0(config-if)#shutdown
switch0(config-if)#no shutdown

Note: The Pocket CLI App supports custom MAC addresses for hosts. To test port security without connecting Host2, you can simply change the MAC address of Host1 manually.
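
The checks above are made by reading the show output by eye. As an added example (not part of the original tutorial or the Pocket CLI app), the following Python script parses the text of show port-security interface and reports whether a sticky address was learned, whether a violation occurred, and whether the port needs recovery. The sample output and MAC address are constructed, modeled on the Cisco IOS field layout, and the function names are hypothetical.

```python
import re

# Constructed sample, modeled on the field layout of Cisco IOS
# "show port-security interface" output; simulator output may differ.
SAMPLE_AFTER_VIOLATION = """\
Port Security              : Enabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.BA12.3456:1
Security Violation Count   : 1
"""

# Split on whitespace-colon-whitespace so the colon inside the field
# name "Last Source Address:Vlan" and inside its value is left alone.
FIELD = re.compile(r"^\s*(.+?)\s+:\s+(.*?)\s*$")

def parse_port_security(text):
    """Return {field name: value} for every 'name : value' line."""
    fields = {}
    for line in text.splitlines():
        m = FIELD.match(line)
        if m:
            fields[m.group(1)] = m.group(2)
    return fields

def assess(fields):
    """Summarise the port state the tutorial checks for by eye."""
    status = fields.get("Port Status", "").lower()
    violations = int(fields.get("Security Violation Count", "0"))
    mac, _, vlan = fields.get("Last Source Address:Vlan", "").rpartition(":")
    return {
        "enabled": fields.get("Port Security") == "Enabled",
        "sticky_learned": int(fields.get("Sticky MAC Addresses", "0")),
        "violation": violations > 0,
        "port_up": status == "secure-up",
        "needs_recovery": violations > 0 and status != "secure-up",
        "last_source_mac": mac,  # the address that last sent traffic
        "vlan": vlan,
    }

if __name__ == "__main__":
    print(assess(parse_port_security(SAMPLE_AFTER_VIOLATION)))
```

Here last_source_mac is the address to compare against the sticky entry when deciding whether the violation came from an unexpected host.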
