You are previewing Network Warrior, 2nd Edition.

Network Warrior, 2nd Edition

Cover of Network Warrior, 2nd Edition by Gary A. Donahue Published by O'Reilly Media, Inc.
  1. Network Warrior
    1. Preface
      1. Who Should Read This Book
      2. Conventions Used in This Book
      3. Using Code Examples
      4. We’d Like to Hear from You
      5. Safari® Books Online
      6. Acknowledgments
    2. 1. What Is a Network?
    3. 2. Hubs and Switches
      1. Hubs
      2. Switches
    4. 3. Autonegotiation
      1. What Is Autonegotiation?
      2. How Autonegotiation Works
      3. When Autonegotiation Fails
      4. Autonegotiation Best Practices
      5. Configuring Autonegotiation
    5. 4. VLANs
      1. Connecting VLANs
      2. Configuring VLANs
    6. 5. Trunking
      1. How Trunks Work
      2. Configuring Trunks
    7. 6. VLAN Trunking Protocol
      1. VTP Pruning
      2. Dangers of VTP
      3. Configuring VTP
    8. 7. Link Aggregation
      1. EtherChannel
      2. Cross-Stack EtherChannel
      3. Multichassis EtherChannel (MEC)
      4. Virtual Port Channel
    9. 8. Spanning Tree
      1. Broadcast Storms
      2. MAC Address Table Instability
      3. Preventing Loops with Spanning Tree
      4. Managing Spanning Tree
      5. Additional Spanning Tree Features
      6. Common Spanning Tree Problems
      7. Designing to Prevent Spanning Tree Problems
    10. 9. Routing and Routers
      1. Routing Tables
      2. Route Types
      3. The IP Routing Table
      4. Virtual Routing and Forwarding
    11. 10. Routing Protocols
      1. Communication Between Routers
      2. Metrics and Protocol Types
      3. Administrative Distance
      4. Specific Routing Protocols
    12. 11. Redistribution
      1. Redistributing into RIP
      2. Redistributing into EIGRP
      3. Redistributing into OSPF
      4. Mutual Redistribution
      5. Redistribution Loops
      6. Limiting Redistribution
    13. 12. Tunnels
      1. GRE Tunnels
      2. GRE Tunnels and Routing Protocols
      3. GRE and Access Lists
    14. 13. First Hop Redundancy
      1. HSRP
      2. HSRP Interface Tracking
      3. When HSRP Isn’t Enough
      4. Nexus and HSRP
      5. GLBP
    15. 14. Route Maps
      1. Building a Route Map
      2. Policy Routing Example
    16. 15. Switching Algorithms in Cisco Routers
      1. Process Switching
      2. Interrupt Context Switching
      3. Configuring and Managing Switching Paths
    17. 16. Multilayer Switches
      1. Configuring SVIs
      2. Multilayer Switch Models
    18. 17. Cisco 6500 Multilayer Switches
      1. Architecture
      2. CatOS Versus IOS
      3. Installing VSS
    19. 18. Cisco Nexus
      1. Nexus Hardware
      2. NX-OS
      3. Nexus Iconography
      4. Nexus Design Features
    20. 19. Catalyst 3750 Features
      1. Stacking
      2. Interface Ranges
      3. Macros
      4. Flex Links
      5. Storm Control
      6. Port Security
      7. SPAN
      8. Voice VLAN
      9. QoS
    21. 20. Telecom Nomenclature
      1. Telecom Glossary
    22. 21. T1
      1. Understanding T1 Duplex
      2. Types of T1
      3. Encoding
      4. Framing
      5. Performance Monitoring
      6. Alarms
      7. Troubleshooting T1s
      8. Configuring T1s
    23. 22. DS3
      1. Framing
      2. Line Coding
      3. Configuring DS3s
    24. 23. Frame Relay
      1. Ordering Frame Relay Service
      2. Frame Relay Network Design
      3. Oversubscription
      4. Local Management Interface
      5. Configuring Frame Relay
      6. Troubleshooting Frame Relay
    25. 24. MPLS
    26. 25. Access Lists
      1. Designing Access Lists
      2. ACLs in Multilayer Switches
      3. Reflexive Access Lists
    27. 26. Authentication in Cisco Devices
      1. Basic (Non-AAA) Authentication
      2. AAA Authentication
    28. 27. Basic Firewall Theory
      1. Best Practices
      2. The DMZ
      3. Alternate Designs
    29. 28. ASA Firewall Configuration
      1. Contexts
      2. Interfaces and Security Levels
      3. Names
      4. Object Groups
      5. Inspects
      6. Managing Contexts
      7. Failover
      8. NAT
      9. Miscellaneous
      10. Troubleshooting
    30. 29. Wireless
      1. Wireless Standards
      2. Security
      3. Configuring a WAP
      4. Troubleshooting
    31. 30. VoIP
      1. How VoIP Works
      2. Small-Office VoIP Example
      3. Troubleshooting
    32. 31. Introduction to QoS
      1. Types of QoS
      2. QoS Mechanics
      3. Common QoS Misconceptions
    33. 32. Designing QoS
      1. LLQ Scenario
      2. Configuring the Routers
      3. Traffic-Shaping Scenarios
    34. 33. The Congested Network
      1. Determining Whether the Network Is Congested
      2. Resolving the Problem
    35. 34. The Converged Network
      1. Configuration
      2. Monitoring QoS
      3. Troubleshooting a Converged Network
    36. 35. Designing Networks
      1. Documentation
      2. Naming Conventions for Devices
      3. Network Designs
    37. 36. IP Design
      1. Public Versus Private IP Space
      2. VLSM
      3. CIDR
      4. Allocating IP Network Space
      5. Allocating IP Subnets
      6. IP Subnetting Made Easy
    38. 37. IPv6
      1. Addressing
      2. Simple Router Configuration
    39. 38. Network Time Protocol
      1. What Is Accurate Time?
      2. NTP Design
      3. Configuring NTP
    40. 39. Failures
      1. Human Error
      2. Multiple Component Failure
      3. Disaster Chains
      4. No Failover Testing
      5. Troubleshooting
    41. 40. GAD’s Maxims
      1. Maxim #1
      2. Maxim #2
      3. Maxim #3
    42. 41. Avoiding Frustration
      1. Why Everything Is Messed Up
      2. How to Sell Your Ideas to Management
      3. When to Upgrade and Why
      4. Why Change Control Is Your Friend
      5. How Not to Be a Computer Jerk
    43. Index
    44. About the Author
    45. Colophon
O'Reilly logo

Port Security

Port security is the means whereby you can prevent network devices from using a port on your switch. At the port level, you can specify certain MAC addresses that you allow or deny the right to use the port. You can do this statically or dynamically. For example, you can tell the switch to allow only the first three stations that connect to use a port, and then deny all the rest. You can also tell the switch that only the device with the specified MAC address can use the switch port, or that any node except the one with the specified MAC address can use the switch port.

MAC addresses can be either manually configured or dynamically learned. Addresses that are learned can be saved. Manually configured addresses are called static secure MAC addresses; dynamically learned MAC addresses are termed dynamic secure MAC addresses; and saved dynamic MAC addresses are called sticky secure MAC addresses.

You enable port security with the switchport port-security interface command. This command can be configured only on an interface that has been set as a switchport. Trunks and interfaces that are dynamic (the default) cannot be configured with port security:

3750(config-if)#switchport port-security
Command rejected: GigabitEthernet1/0/20 is a dynamic port.

If you get this error, you need to configure the port for switchport mode access before you can continue:

3750(config-if)#switchport mode access
3750(config-if)# switchport port-security

You cannot configure port security on a port ...

The best content for your career. Discover unlimited learning on demand for around $1/day.