How to Configure Port Security on Cisco Switch in GNS3? – In this article, we will configure the Port Security settings on the Layer 2 Switch in GNS3. First of all, we need to understand the Cisco Switch Port Security.

If a network uses Cisco Switch devices, Port Security must be applied to the devices for network security. Port Security is configured on the individual interfaces of the Cisco Switch. For example, if a computer in a business accounting room is connected to the Cisco Switch FastEthernet0/5 port, and that computer is used by only one person, Port Security can be applied to the FastEthernet0/5 interface.

An interface with Port Security applied on the Cisco Switch is matched with the MAC address of the computer so that security is ensured by preventing other computers from connecting to this interface.

Because the Cisco Switch interface is bound to the computer’s MAC address, a computer with a different MAC address is restricted from connecting to this Cisco Switch interface.

A person who wants to obtain company information without permission is not limited to attacking online. To gain access to the devices in the company, such a person can apply to the company as a staff member and then attack by connecting their own computer to the network devices.

To prevent such an attempt, Port Security Settings on the Cisco Switch are required if the company is using the Cisco Switch.

In addition, there are restriction types for Port Security on the Cisco Switch that define what happens in case of a violation. For example:

1.  Shutdown Violation

This restriction closes the interface in case of violation and sends a notification on the Switch.

2. Restrict Violation

This restriction does not close the interface in case of violation and only sends a notification.

3. Protect Violation

This restriction does not close the interface in case of violation and does not send a notification. It just keeps securing the port.

When a different computer is connected to a Switch interface configured in this way, the Cisco Switch either closes or restricts that port.

If only the restriction is applied, the Switch interface will not close but will restrict access. The attacking computer will definitely not be able to access any device on the network.
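
The three violation types differ in whether the port closes, whether the violation is counted, and whether a notification is sent. The following Python model is an added example, not code from the original article or from Cisco; the SecurePort class and the replay function are hypothetical names, and the MAC addresses are the ones that appear in this lab's switch output.

```python
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    name: str
    violation: str = "shutdown"          # "shutdown", "restrict" or "protect"
    maximum: int = 1
    secure_macs: set = field(default_factory=set)   # sticky-learned addresses
    violations: int = 0                  # models the SecurityViolation counter
    err_disabled: bool = False
    log: list = field(default_factory=list)         # notifications that were sent

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled:
            return False                 # a closed port passes nothing
        if src_mac in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src_mac)    # learn the first address(es) seen
            return True
        # Unknown source on a full port is a violation; the frame is dropped in every mode.
        if self.violation == "protect":
            return False                 # silent drop: no counter, no notification
        self.violations += 1
        self.log.append(f"security violation by {src_mac} on {self.name}")
        if self.violation == "shutdown":
            self.err_disabled = True     # stays closed until shutdown / no shutdown
        return False

    def bounce(self) -> None:
        """Model 'shutdown' followed by 'no shutdown'; learned addresses are kept."""
        self.err_disabled = False


def replay(mode: str):
    """PC1 sends traffic, PC3 is plugged into the same port, then PC1 returns."""
    port = SecurePort("Gi0/0", violation=mode)
    pc1, pc3 = "0050.7966.6800", "0050.7966.6802"
    forwarded = [port.receive(pc1), port.receive(pc3), port.receive(pc1)]
    return forwarded, port.violations, port.err_disabled, len(port.log)
```

In the shutdown case the legitimate PC1 is also cut off until an administrator re-enables the interface, which is the trade-off against restrict.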

In our previous article, we implemented the steps to add Layer 2 Switch in GNS3. Before configuring Port Security on the Cisco Switch, add one L2 Switch on GNS3. Also, to use VPCS (Virtual Computer) on GNS3, you can check out the GNS3 VPCS Configuration topic.

In this article, we will configure the Port Security settings on the Layer 2 Switch in GNS3. And we will prevent the attack method we have given above.

How to Configure Port Security on Layer 2 Switch in GNS3?

To enable Port Security on the Cisco L2 switch, the GNS3 program must be installed on your computer. If you did not install the program, check out how to install GNS3 on Windows 10.

To configure Port Security step by step, follow the steps below.

   Step 1

Run the GNS3 program and create a new project.

   Step 2

Add one Layer 2 Switch to the GNS3 workspace.

   Step 3

Add two virtual computers VPCS to the GNS3 workspace.

   Step 4

Right-click the Cisco Layer 2 Switch in GNS3 to add an interface to it and to increase its performance.

   Step 5

Click Configure from the drop-down options on the L2 Switch.

   Step 6

In the L2 Switch window, increase the RAM value as follows, then click the HDD tab.

   Step 7

Continue by selecting the SATA option on the HDD tab. This option will allow the Cisco Switch to perform better.

   Step 8

Click the Network tab in the L2 Switch window, specify the number of interfaces you want to use in the Adapters section, and then click the OK button to save the settings.

   Step 9

To cable network devices in the GNS3 workspace, click the wiring option as shown in the following image.

   Step 10

Once you have wired up the devices in the work area, run the devices by clicking the Start All Nodes button.

   Step 11

The devices should work fine, as shown below.

   Step 12

You can increase functionality by adding comments on the GNS3 workspace. Now, run the console windows of all the devices.

   Step 13

Before configuring Port Security on Cisco Switch in GNS3, you need to configure the VPCS.

To assign an IP address to VPCS PC1, execute the following command.

ip 192.168.5.5/24 192.168.5.1

   Step 14

To assign the IP address to the VPCS PC2, execute the following command.

ip 192.168.5.10/24 192.168.5.1

After configuring the VPCS PCs, use the show ip command to check the IP configuration.

   Step 15

The connection test from PC1 to PC2 is successful, as shown in the following image.

   Step 16

The connection test from PC2 to PC1 is successful as shown in the following image.

   Step 17

To assign an IP address to VLAN1 on a Layer 2 Cisco Switch, run the following commands.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
*May 26 22:55:21.080: %LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed s
Switch(config-if)#ip address 192.168.5.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#end
Switch#

   Step 18

To configure Port Security on Cisco Switch in GNS3, apply the following commands, respectively.

Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface gigabitethernet 0/0
Switch(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#exit
Switch(config)#
Switch(config)#
Switch(config)#interface gigabitethernet 0/1
Switch(config-if)#switchport host
switchport mode will be set to access
spanning-tree portfast will be enabled
channel group will be disabled

Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#end
Switch#wr

The switchport host command sets the Cisco Switch interface from Dynamic Mode to Access Mode. Without it, the Cisco Switch interface is not set as an Access Port!
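
Once ports are configured this way, the saved configuration can be checked for access ports where the settings are incomplete. The following Python audit is an added example, not code from the original article; the function name and the sample running-config are constructed for illustration, and only commands used in this article appear in it.

```python
# SAMPLE_CONFIG is constructed for this example; it is not the article's switch config.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 switchport mode access
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0050.7966.6800
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security violation protect
 switchport port-security
!
interface GigabitEthernet0/2
 switchport mode access
!
interface GigabitEthernet0/3
 switchport mode access
 switchport port-security mac-address sticky
!
"""
PS = "switchport port-security"

def audit_port_security(config: str) -> dict:
    """Map each access port to a list of findings (empty list = nothing to report)."""
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = ports.setdefault(raw.split(None, 1)[1].strip(), [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None                      # "!" or a global command ends the block
    findings = {}
    for name, body in ports.items():
        if "switchport mode access" not in body:
            continue                            # only access ports are audited
        issues = []
        if PS not in body:                      # sub-options alone do not enable the feature
            issues.append("port-security not enabled")
        else:
            # maximum 1 and violation shutdown are defaults, so they are absent from the config
            mode = next((l.split()[-1] for l in body if l.startswith(PS + " violation ")), "shutdown")
            if mode == "protect":
                issues.append("protect mode: violations are not reported")
            if not any(l.startswith(PS + " mac-address") for l in body):
                issues.append("no sticky or static MAC: learned address is lost on link down")
        findings[name] = issues
    return findings
```

GigabitEthernet0/3 in the sample shows a common mistake: the sticky option is present, but the bare switchport port-security line that turns the feature on is missing.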

   Step 19

By running the show port-security command in privileged mode on the Cisco Switch, you can see if there are any violations on the interfaces.

Since no attack has been made, SecurityViolation will appear as 0.

   Step 20

You can see the Port Security information and the violation status of the interface by running the show port-security command on the L2 Switch.

   Step 21

After configuring Port Security on the Cisco Switch in GNS3, test the connection between the PCs. The connection from PC1 to PC2 is established.

   Step 22

Pinging from PC2 to PC1 is also successful.

   Step 23

The MAC address table on the Cisco Switch is updated after pinging between the computers. The Cisco Switch stores the MAC addresses of PC1 and PC2 in the table and compares incoming traffic with those MAC addresses to detect any violation.

   Step 24

The connection is established when we ping the VLAN1 IP address from the computers.

   Step 25

Ping from PC2 to VLAN1 is also successful.

   Step 26

After completing the steps to configure Port Security on Cisco Switch in GNS3, add one more VPCS to the GNS3 workspace to test the Port Security operation.

   Step 27

Configure the IP settings of the VPCS PC3.

   Step 28

Remove the cable from PC1 to the Layer 2 Switch. Right-click on the cable and click Delete.

   Step 29

Click on the cabling option to connect the VPCS PC3 to the L2 Switch. Then click on PC3.

   Step 30

When you click on the L2 Switch, select the Ethernet0/0 interface. Previously, PC1 was connected to this interface; now see what happens.

   Step 31

When we ping from PC3 to PC2, we get an unreachable message. Let’s check the switch.

   Step 32

In the event of a violation, a log record immediately appears in the Cisco Switch console. The log record here is as follows.

Switch#
*May 26 23:03:58.687: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/0, putting Gi0/0 in err-disable state
*May 26 23:03:58.697: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.7966.6802 on port GigabitEthernet0/0.
*May 26 23:03:59.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*May 26 23:04:00.693: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
Switch#

The above output reports a security breach on GigabitEthernet0/0. Immediately after this notification, the Switch will close the corresponding port.
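
The same messages can be picked out of collected switch logs automatically. The following Python parser is an added example, not code from the original article; the function names are hypothetical, the first four log lines are the ones shown above, and the fifth line is constructed to show a violation that is not accompanied by an err-disable message.

```python
import re

# Lines 1-4 are the article's console output; line 5 is constructed for this example.
LOG = """\
*May 26 23:03:58.687: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/0, putting Gi0/0 in err-disable state
*May 26 23:03:58.697: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.7966.6802 on port GigabitEthernet0/0.
*May 26 23:03:59.687: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
*May 26 23:04:00.693: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to down
*May 26 23:10:12.101: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0050.7966.6803 on port GigabitEthernet0/1.
"""

LINE = re.compile(r"^\*?(?P<ts>\w{3} +\d+ [\d:.]+): %(?P<fac>[A-Z_]+)-(?P<sev>\d)-(?P<mn>[A-Z_]+): (?P<msg>.*)$")
VIOL = re.compile(r"caused by MAC address (?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+?)\.?$")
ERRD = re.compile(r"psecure-violation error detected on (?P<port>\S+),")

def short(port: str) -> str:
    """GigabitEthernet0/0 -> Gi0/0, so both message formats compare equal."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", port)
    return m.group(1)[:2] + m.group(2) if m else port

def violations(log: str) -> list:
    """Return one record per violation, with the offending MAC and the port state."""
    disabled, events = set(), []
    for line in log.splitlines():
        m = LINE.match(line.strip())
        if not m:
            continue
        if m["mn"] == "ERR_DISABLE":
            e = ERRD.search(m["msg"])
            if e:
                disabled.add(short(e["port"]))
        elif m["mn"] == "PSECURE_VIOLATION":
            v = VIOL.search(m["msg"])
            if v:
                events.append({"time": m["ts"], "mac": v["mac"], "port": short(v["port"])})
    # The err-disable message can precede the violation message, so correlate afterwards.
    for ev in events:
        ev["err_disabled"] = ev["port"] in disabled
    return events
```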

   Step 33

When we run the show port-security command on the L2 Switch, it will show a violation on Gig0/0.

   Step 34

Likewise, when we check interface states by running the show ip interface brief command on L2, we can see that the GigabitEthernet0/0 interface is off.

   Step 35

PC3 could not reach the network environment due to Port Security. To connect PC1 to the L2 Switch again, first disconnect the cable.

   Step 36

Connect PC1 to the 0/0 interface on the L2 Switch again.

   Step 37

Since the Cisco Switch Gig0/0 interface is turned off, we need to enable it again. To reactivate this interface, first execute the shutdown command, followed by the no shutdown command.

As you can see in this step, the Switch has successfully defended itself by closing the interface. If you set the Violation option to Restrict in the Port Security configuration step, the interface will not be turned off.

   Step 38

If you run show port-security again, you can see that the violation part is empty.

   Step 39

When we test the connection, we can see PC1 successfully re-enters the network environment!

Show Commands Related to How to Configure Port Security on Cisco Switch in GNS3

Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/0              1            0                  0         Shutdown
      Gi0/1              1            0                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 4096
Switch#

Switch#show port-security interface gigabitethernet 0/0
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 0
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0
Switch#

Switch#show mac address-table
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    0050.7966.6800    STATIC      Gi0/0
   1    0050.7966.6801    STATIC      Gi0/1
Total Mac Addresses for this criterion: 2
Switch#

Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/0              1            1                  1         Shutdown
      Gi0/1              1            1                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 4096
Switch#

  Final Word

We have completed the steps to enable Port Security on GNS3. GNS3 is a network simulator, as you can see. When applying Port Security in a real scenario, it is useful to enter the MAC addresses manually as static entries.
