1 00:00:00,932 --> 00:00:06,061 In the previous video, we already learn the concept of port security. 2 00:00:06,940 --> 00:00:12,852 The summary is, port security is used to securing switch interfaces. 3 00:00:13,720 --> 00:00:21,612 So if one day there is hackers unplug the cable and connecting the cable to their computer, 4 00:00:21,894 --> 00:00:24,574 the switch interface should be blocked. 5 00:00:25,258 --> 00:00:29,383 So the hackers can not send any packet anywhere. 6 00:00:30,730 --> 00:00:35,306 In this video, we are going to practice about port security. 7 00:00:35,730 --> 00:00:48,059 Let’s just start, open the switch, go to CLI, enable, configure terminal, 8 00:00:48,894 --> 00:00:57,580 next let’s go to the interface connected to the server 1, in this case fa0/1, 9 00:00:58,069 --> 00:01:02,250 we will configure port security on fa0/1 first. 10 00:01:03,096 --> 00:01:06,428 Here interface fa0/1. 11 00:01:08,370 --> 00:01:15,883 To configure port security, we need to change the mode to access first, because by default, 12 00:01:15,883 --> 00:01:26,037 the mode on the switch is dynamic auto, let’s check it, do show interface fa0/1 switchport, 13 00:01:27,708 --> 00:01:32,450 here we can see that the administrative mode is dynamic auto. 14 00:01:33,286 --> 00:01:40,682 And remember that we need to change the mode to access first before configuring port security. 15 00:01:41,474 --> 00:01:44,836 So here, switchport mode access. 16 00:01:46,779 --> 00:01:55,195 Okay next to activate port security, the command is switchport port-security like this. 17 00:01:56,822 --> 00:02:02,569 Remember that this command is used to activate port security in this interface. 18 00:02:04,153 --> 00:02:08,309 Next we need to register the mac address of the server 1. 19 00:02:08,906 --> 00:02:17,095 Go to server 1, config section, and then go to fa0. 20 00:02:18,060 --> 00:02:20,268 Here we can see a mac address. 21 00:02:20,702 --> 00:02:22,108 Let’s copy this, 22 00:02:24,571 --> 00:02:30,743 Back to the switch, and then let’s register the mac address of server 1, 23 00:02:31,373 --> 00:02:40,136 the command is switchport port-security mac-address and then paste the mac address of server 1. 24 00:02:41,428 --> 00:02:50,303 Okay, so now the server or computer that allowed to connect to fa0/1 is only server 1. 25 00:02:51,410 --> 00:02:56,096 This is because we input the mac address of server 1 here. 26 00:02:57,149 --> 00:03:04,201 Next we need to configure the maximum computer who are allowed to connect to this interface, 27 00:03:04,863 --> 00:03:15,240 the command is switchport port-security maximimum 1, this is means that only 1 server or computer 28 00:03:15,240 --> 00:03:19,170 who allowed to connect to fa0/1. 29 00:03:20,277 --> 00:03:28,242 Last, we need to configure violation, violation is an action if there is an illegal computer 30 00:03:28,242 --> 00:03:30,172 connected to the interface. 31 00:03:31,127 --> 00:03:38,937 The command is switchport port-security violation and then question mark, here we can see that 32 00:03:38,937 --> 00:03:47,787 we have 3 option for violation, which is shutdown, restrict, and protect. 33 00:03:48,590 --> 00:03:54,697 In this case we are going to use shutdown first, we will learn about restrict and protect 34 00:03:54,697 --> 00:03:56,223 in the next video. 35 00:03:57,949 --> 00:04:03,479 If we use violation shutdown like this, if there is an illegal computer connected to 36 00:04:03,479 --> 00:04:08,237 the interface, the interface will be automatically shutdown. 37 00:04:08,888 --> 00:04:12,847 In packet tracer, the light of cable will become red. 38 00:04:14,702 --> 00:04:20,794 Okay now we have done configuring port security on fa0/1. 39 00:04:21,597 --> 00:04:29,227 I think enough for this video, in the next video, we are going to test our port security configuration. 40 00:04:29,672 --> 00:04:33,056 Thankyou for watching and see you on the next video.