1 00:00:00,648 --> 00:00:05,866 In the previous video, we already learn about violation protect and shutdown, 2 00:00:06,520 --> 00:00:11,411 next in this video, we are going to learn about violation restrict. 3 00:00:12,523 --> 00:00:19,102 Remember that protect and restrict is same, the only differences is, if we use violation 4 00:00:19,102 --> 00:00:26,410 protect, the security violation count will never increase, but if we use violation restrict, 5 00:00:26,548 --> 00:00:29,317 the security violation count will increase. 6 00:00:31,416 --> 00:00:33,403 Okay let’s just start. 7 00:00:35,467 --> 00:00:46,129 In this case, I will add 1 more server, let’s say this is server 4, and then connecting this 8 00:00:46,129 --> 00:00:55,779 server to the switch, here we can see that the interface is fa0/5. 9 00:00:57,000 --> 00:01:03,512 So we will configure port security with violation restrict in fa0/5. 10 00:01:04,223 --> 00:01:10,222 Let’s start, go to interface fa0/5, 11 00:01:10,990 --> 00:01:15,893 and then switchport port security to enable port security. 12 00:01:17,590 --> 00:01:26,359 Okay here we can see that we get an error “command rejected, fa0/5 is dynamic port”. 13 00:01:27,265 --> 00:01:34,360 Remember that we need to change the mode to access first before configuring port security. 14 00:01:35,128 --> 00:01:44,235 So here switchport mode access, and then switchport port-security again. 15 00:01:45,301 --> 00:01:49,399 Okay here we can see that we don’t get an error anymore. 16 00:01:50,248 --> 00:02:03,428 Next let’s configure mac address to sticky, configure maximum to 1 and violation restrict. 17 00:02:06,203 --> 00:02:12,236 Okay now we have done configuring port security on fa0/5. 18 00:02:12,740 --> 00:02:18,870 Let’s check it, do show port-security interface fa0/5. 19 00:02:20,120 --> 00:02:28,370 Here we can see port security is enable, violation restrict, and sticky mac address is still 0. 20 00:02:29,065 --> 00:02:32,801 This is means that server 4 is not registered yet. 21 00:02:33,500 --> 00:02:40,148 Let’s send a packet from server 4, but before that, we need to configure an ip address on 22 00:02:40,148 --> 00:02:41,493 server 4 first. 23 00:02:42,398 --> 00:02:51,899 Let’s say the ip address is 192.168.1.6, now let’s try to send packet from server 4 24 00:02:51,899 --> 00:02:53,371 to server 1. 25 00:02:54,357 --> 00:02:59,404 Success, server 4 to server 3, also success. 26 00:03:00,310 --> 00:03:08,243 Now let’s test the port security, unplug the cable from server 4 and plug the cable 27 00:03:08,243 --> 00:03:09,704 to the hacker. 28 00:03:09,968 --> 00:03:16,485 The light is still orange, click fast forward time, okay here already green. 29 00:03:17,173 --> 00:03:25,147 Let’s test send a packet from hacker to server 3, the result is failed, test again, 30 00:03:26,088 --> 00:03:27,077 still failed. 31 00:03:27,822 --> 00:03:36,947 Let’s test from hacker to server 1, failed, test again, still failed. 32 00:03:38,334 --> 00:03:43,244 Okay, now pc hacker can not send any packet to anywhere. 33 00:03:44,241 --> 00:03:52,558 But here the light is still green, this is means that fa0/5 is not shutdown. 34 00:03:53,807 --> 00:04:01,058 So remember that restrict is same as protect, the interface will not shutdown but the packet 35 00:04:01,058 --> 00:04:02,328 will be blocked. 36 00:04:03,187 --> 00:04:11,536 Now let’s check port security interface, do show port-security interface fa0/5. 37 00:04:12,694 --> 00:04:19,014 Here we can see that security violation count will increase based on how many time pc hacker 38 00:04:19,014 --> 00:04:20,553 send a packet. 39 00:04:21,585 --> 00:04:28,072 Now the security violation count is 4, let’s try to send packet again from pc hacker, 40 00:04:32,940 --> 00:04:45,052 Back to the switch, do show port security interface fa0/5, here we can see that now 41 00:04:45,052 --> 00:04:47,665 security violation count is 5. 42 00:04:48,880 --> 00:04:55,128 So remember that security violation count will increase based on how many time pc hacker 43 00:04:55,128 --> 00:04:56,619 send a packet. 44 00:04:58,339 --> 00:05:01,013 Okay I think enough for this video. 45 00:05:01,288 --> 00:05:04,799 Thankyou for watching and see you on the next video