1

00:00:00,633  -->  00:00:07,096
In the previous video, we already configure port
security in fa0/1.

2

00:00:07,585  -->  00:00:13,182
Next in this video, we are going to learn about mac address sticky.

3

00:00:13,861  -->  00:00:23,353
If you remember, when configuring port security on fa0/1, we register the mac address of server 1 manually.

4

00:00:24,000  -->  00:00:26,618
Let’s scroll to find the command,

5

00:00:28,706  -->  00:00:36,140
here we can see switchport port-security
mac-address and then the mac-address of server 1.

6

00:00:36,761  -->  00:00:40,982
So here we register the
mac-address of server 1 manually.

7

00:00:41,889  -->  00:00:48,242
Beside registering mac-address manually
like this, we can use mac-address sticky.

8

00:00:49,025  -->  00:00:51,149
If we use mac-address sticky,

9

00:00:51,149  -->  00:00:58,090
the switch will detect the first computer
connected to the interface. Let’s try it.

10

00:00:58,769  -->  00:01:06,114
We are going to test for
server 2, the interface is fa0/2,

11

00:01:08,601  -->  00:01:19,333
here let’s enable, configure terminal, and then
go to interface fa0/2. Remember that we need to

12

00:01:19,333  -->  00:01:28,529
change the mode to access first before configuring
port security. So here switchport mode access,

13

00:01:30,221  -->  00:01:36,686
and then to enable port security, the command
is switchport port-security.

14

00:01:37,651  -->  00:01:43,954
Remember that this command is to enable port security.
Let’s check it first,

15

00:01:46,082  -->  00:01:56,946
do show port-security interface fa0/2. Here we
can see that now the port security is disabled.

16

00:01:57,789  -->  00:02:07,158
Now let’s enable the port security, let’s check
again do show port security interface fa0/2.

17

00:02:09,666  -->  00:02:14,778
Okay here we can see that now
the port security is enabled.

18

00:02:16,049  -->  00:02:24,182
Next let’s configure the mac address, but we will
not register the mac address of server 2 manually,

19

00:02:24,453  -->  00:02:31,525
we will use mac-address sticky. The
command is switchport port-security

20

00:02:31,525  -->  00:02:37,777
mac-address sticky. Remember that
if we configure mac-address sticky,

21

00:02:37,777  -->  00:02:43,246
the switch will detect the first
computer who connected to the interface.

22

00:02:44,041  -->  00:02:52,436
So in this case, the switch will detect
that server 2 is the valid computer for fa0/2.

23

00:02:53,676  -->  00:02:59,930
Next let’s configure the maximum,
switchport port-security maximum 1,

24

00:03:00,517  -->  00:03:04,126
and finally let’s configure the violation.

25

00:03:06,334  -->  00:03:14,870
Okay now we have done, let’s check it,
do show port-security interface fa0/2.

26

00:03:16,085  -->  00:03:22,579
Here we can see that the port security
is enable, the status is secure up,

27

00:03:24,213  -->  00:03:29,383
violation shutdown, and maximum mac address is 1.

28

00:03:32,065  -->  00:03:38,870
But the total mac address, configured mac
address, and sticky mac address is still 0,

29

00:03:39,540  -->  00:03:47,236
this is means that server 2 is not registered
yet. Let’s try to send packet from server 2.

30

00:03:53,081  -->  00:03:59,900
Okay here success, let’s back to the
switch, let’s check the port security again,

31

00:04:00,645  -->  00:04:05,930
okay here we can see that now
configured and sticky mac address is 1.

32

00:04:06,873  -->  00:04:18,000
Let’s try show run, here we can see in the fa0/2,
remember that we configure mac address sticky,

33

00:04:18,953  -->  00:04:26,046
and after server 2 send packet to
server 3, server 2 is registered to fa0/2

34

00:04:26,046  -->  00:04:32,455
automatically like this. So this command
is added automatically by the switch.

35

00:04:33,573  -->  00:04:41,368
Let’s make sure that this is the mac address
of server 2, open the server 2, go to config,

36

00:04:41,940  -->  00:04:51,966
fa0, here the end of mac address is

37
23:c1, this is same as in the switch.

38

00:04:53,181  -->  00:05:01,866
Okay so now the switch recognize that
the valid computer for fa0/2 is server 2.

39

00:05:02,633  -->  00:05:10,613
I think enough for this video, you can do testing
by your self, so unplug the cable from server 2

40

00:05:10,613  -->  00:05:16,262
and plug it to the hacker, you will see
that the interface will be shutdown.

41

00:05:17,445  -->  00:05:22,138
In the next video, we are going
to learn about other violation,

42

00:05:22,369  -->  00:05:24,864
which is protect and restrict.

43

00:05:25,436  -->  00:05:28,811
Thankyou for watching and see you on the next video