The musings of an IT Consultant

Aug 31 2009   4:02PM GMT

Port Security on Cisco Switches

Raj Perumal

So in a previous blog I mentioned something called port security. What is port security, you might ask? Well, in Cisco land, port security is the ability to restrict access to certain ports based on MAC address. Granted, there are methods to spoof MAC addresses, but this is just one more roadblock you can put in front of a determined attacker.

Port security can be configured so you can specify how many and which MAC addresses can speak on a certain port. This is ideal when you know what servers are plugged into which ports. You will know the MACs that are needed and you can therefore restrict traffic to only them. If someone tries to plug in something else on that port, then your switch can be configured to alert you or even shut down the port altogether.

Port security can even be configured with aging in mind. You can set it so it remembers a MAC address for X amount of time, and then it will age out the MAC address and allow the port to learn another one. There are certain situations where you might find this valuable.
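The settings described above, shown as an added example configuration that is not part of the original post. It assumes a Catalyst access switch running Cisco IOS; the interface names, the MAC address (taken from the documentation range) and the timer values are constructed placeholders.

```cisco
! Server port: exactly one known MAC address, port shuts down on violation.
interface GigabitEthernet0/1
 description Known server (constructed example)
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 ! shutdown = put the port in err-disabled state when another MAC appears
 switchport port-security violation shutdown
!
! Shared desk port: up to two learned MACs, alert instead of shutting down.
interface GigabitEthernet0/2
 description Hot desk (constructed example)
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 ! restrict = drop frames from unknown MACs, count the violation,
 ! and generate a syslog message / SNMP trap
 switchport port-security violation restrict
 ! Age out a learned MAC after 10 minutes without traffic so the
 ! port can learn a different device
 switchport port-security aging time 10
 switchport port-security aging type inactivity
!
! Optional: bring err-disabled ports back automatically after 300 seconds
! instead of waiting for a manual shutdown / no shutdown.
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Verification from privileged EXEC mode:
!   show port-security
!   show port-security interface GigabitEthernet0/1
!   show port-security address
```

Statically configured addresses, like the one on the first port, are not aged out by default; aging here applies to the dynamically learned addresses on the second port.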

You can read more about configuring port security here.

