1 00:00:00,633 --> 00:00:07,096 In the previous video, we already configure port security in fa0/1. 2 00:00:07,585 --> 00:00:13,182 Next in this video, we are going to learn about mac address sticky. 3 00:00:13,861 --> 00:00:23,353 If you remember, when configuring port security on fa0/1, we register the mac address of server 1 manually. 4 00:00:24,000 --> 00:00:26,618 Let’s scroll to find the command, 5 00:00:28,706 --> 00:00:36,140 here we can see switchport port-security mac-address and then the mac-address of server 1. 6 00:00:36,761 --> 00:00:40,982 So here we register the mac-address of server 1 manually. 7 00:00:41,889 --> 00:00:48,242 Beside registering mac-address manually like this, we can use mac-address sticky. 8 00:00:49,025 --> 00:00:51,149 If we use mac-address sticky, 9 00:00:51,149 --> 00:00:58,090 the switch will detect the first computer connected to the interface. Let’s try it. 10 00:00:58,769 --> 00:01:06,114 We are going to test for server 2, the interface is fa0/2, 11 00:01:08,601 --> 00:01:19,333 here let’s enable, configure terminal, and then go to interface fa0/2. Remember that we need to 12 00:01:19,333 --> 00:01:28,529 change the mode to access first before configuring port security. So here switchport mode access, 13 00:01:30,221 --> 00:01:36,686 and then to enable port security, the command is switchport port-security. 14 00:01:37,651 --> 00:01:43,954 Remember that this command is to enable port security. Let’s check it first, 15 00:01:46,082 --> 00:01:56,946 do show port-security interface fa0/2. Here we can see that now the port security is disabled. 16 00:01:57,789 --> 00:02:07,158 Now let’s enable the port security, let’s check again do show port security interface fa0/2. 17 00:02:09,666 --> 00:02:14,778 Okay here we can see that now the port security is enabled. 18 00:02:16,049 --> 00:02:24,182 Next let’s configure the mac address, but we will not register the mac address of server 2 manually, 19 00:02:24,453 --> 00:02:31,525 we will use mac-address sticky. The command is switchport port-security 20 00:02:31,525 --> 00:02:37,777 mac-address sticky. Remember that if we configure mac-address sticky, 21 00:02:37,777 --> 00:02:43,246 the switch will detect the first computer who connected to the interface. 22 00:02:44,041 --> 00:02:52,436 So in this case, the switch will detect that server 2 is the valid computer for fa0/2. 23 00:02:53,676 --> 00:02:59,930 Next let’s configure the maximum, switchport port-security maximum 1, 24 00:03:00,517 --> 00:03:04,126 and finally let’s configure the violation. 25 00:03:06,334 --> 00:03:14,870 Okay now we have done, let’s check it, do show port-security interface fa0/2. 26 00:03:16,085 --> 00:03:22,579 Here we can see that the port security is enable, the status is secure up, 27 00:03:24,213 --> 00:03:29,383 violation shutdown, and maximum mac address is 1. 28 00:03:32,065 --> 00:03:38,870 But the total mac address, configured mac address, and sticky mac address is still 0, 29 00:03:39,540 --> 00:03:47,236 this is means that server 2 is not registered yet. Let’s try to send packet from server 2. 30 00:03:53,081 --> 00:03:59,900 Okay here success, let’s back to the switch, let’s check the port security again, 31 00:04:00,645 --> 00:04:05,930 okay here we can see that now configured and sticky mac address is 1. 32 00:04:06,873 --> 00:04:18,000 Let’s try show run, here we can see in the fa0/2, remember that we configure mac address sticky, 33 00:04:18,953 --> 00:04:26,046 and after server 2 send packet to server 3, server 2 is registered to fa0/2 34 00:04:26,046 --> 00:04:32,455 automatically like this. So this command is added automatically by the switch. 35 00:04:33,573 --> 00:04:41,368 Let’s make sure that this is the mac address of server 2, open the server 2, go to config, 36 00:04:41,940 --> 00:04:51,966 fa0, here the end of mac address is 37 23:c1, this is same as in the switch. 38 00:04:53,181 --> 00:05:01,866 Okay so now the switch recognize that the valid computer for fa0/2 is server 2. 39 00:05:02,633 --> 00:05:10,613 I think enough for this video, you can do testing by your self, so unplug the cable from server 2 40 00:05:10,613 --> 00:05:16,262 and plug it to the hacker, you will see that the interface will be shutdown. 41 00:05:17,445 --> 00:05:22,138 In the next video, we are going to learn about other violation, 42 00:05:22,369 --> 00:05:24,864 which is protect and restrict. 43 00:05:25,436 --> 00:05:28,811 Thankyou for watching and see you on the next video