
Yusuf Bhaiji

"Network Security Technologies and Solutions"

Example 4-2 shows how to enable the port blocking feature on a switch port
and verify the resulting configuration.

Example 4-2. Configuring the Port Blocking Feature
Switch(config)# interface Fastethernet0/1
Switch(config-if)# switchport block multicast
Switch(config-if)# switchport block unicast
Switch(config-if)# end
Switch# show interfaces FastEthernet 0/1 switchport
Name: Fa0/1
Switchport: Enabled
Administrative Mode: static access
...
Protected: true
Unknown unicast blocked: enabled
Unknown multicast blocked: enabled
Appliance trust: none
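
The verification step in Example 4-2 can be automated across many ports. The following is an added example, not from the book: it parses saved "show interfaces switchport" output and lists ports where unknown unicast or multicast blocking is not enabled. The function names and the sample text are constructed for illustration, and the parser assumes each interface section begins with a "Name:" line as in Example 4-2.

```python
import re

# Constructed sample in the format of Example 4-2 (not captured from a real switch).
SAMPLE_OUTPUT = """\
Name: Fa0/1
Switchport: Enabled
Protected: true
Unknown unicast blocked: enabled
Unknown multicast blocked: enabled
Appliance trust: none

Name: Fa0/2
Switchport: Enabled
Protected: false
Unknown unicast blocked: disabled
Unknown multicast blocked: enabled
Appliance trust: none
"""

FIELD = re.compile(r"^\s*([^:]+?)\s*:\s*(.*?)\s*$")
CHECKS = ("Unknown unicast blocked", "Unknown multicast blocked")

def parse_switchport(text):
    """Return {interface name: {field: value}} from the command output."""
    ports, current = {}, None
    for line in text.splitlines():
        m = FIELD.match(line)
        if not m:
            continue  # blank lines, "..." elisions, CLI prompts
        key, value = m.group(1), m.group(2)
        if key == "Name":
            current = ports.setdefault(value, {})  # start of a new interface
        elif current is not None:
            current[key] = value
    return ports

def blocking_gaps(ports):
    """Return {interface: [checks not reported as 'enabled']}."""
    gaps = {}
    for name, fields in ports.items():
        # A field absent from the output is treated as a gap, not as a pass.
        missing = [c for c in CHECKS if fields.get(c, "").lower() != "enabled"]
        if missing:
            gaps[name] = missing
    return gaps

if __name__ == "__main__":
    for name, missing in blocking_gaps(parse_switchport(SAMPLE_OUTPUT)).items():
        print(f"{name}: not blocked -> {', '.join(missing)}")
```
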

Port Security

Port security is a dynamic feature that prevents unauthorized access to a switch port. The port security feature
can be used to restrict input to an interface by identifying and limiting the MAC addresses of the hosts that are
allowed to access the port. When secure MAC addresses are assigned to a secure port, the switch does not
forward packets with source MAC addresses outside the defined group of addresses. To understand this process,
think of the analogy of a secure car park facility, where a spot is reserved and marked with a particular car
registration number so that no other car is allowed to park at that spot. Similarly, a switch port is configured
with the secure MAC address of a host, and no other host can connect to that port with any other MAC address.

