1

00:00:00,648  -->  00:00:05,866
In the previous video, we already learn about
violation protect and shutdown,

2

00:00:06,520  -->  00:00:11,411
next in this video, we are going to learn about violation
restrict.

3

00:00:12,523  -->  00:00:19,102
Remember that protect and restrict is same,
the only differences is, if we use violation

4

00:00:19,102  -->  00:00:26,410
protect, the security violation count will
never increase, but if we use violation restrict,

5

00:00:26,548  -->  00:00:29,317
the security violation count will increase.

6

00:00:31,416  -->  00:00:33,403
Okay let’s just start.

7

00:00:35,467  -->  00:00:46,129
In this case, I will add 1 more server, let’s
say this is server 4, and then connecting this

8

00:00:46,129  -->  00:00:55,779
server to the switch, here we can see that
the interface is fa0/5.

9

00:00:57,000  -->  00:01:03,512
So we will configure port security with violation
restrict in fa0/5.

10

00:01:04,223  -->  00:01:10,222
Let’s start, go to interface fa0/5,

11

00:01:10,990  -->  00:01:15,893
and then switchport port security to enable port
security.

12

00:01:17,590  -->  00:01:26,359
Okay here we can see that we get an error
“command rejected, fa0/5 is dynamic port”.

13

00:01:27,265  -->  00:01:34,360
Remember that we need to change the mode to
access first before configuring port security.

14

00:01:35,128  -->  00:01:44,235
So here switchport mode access, and then switchport
port-security again.

15

00:01:45,301  -->  00:01:49,399
Okay here we can see that we don’t get an
error anymore.

16

00:01:50,248  -->  00:02:03,428
Next let’s configure mac address to sticky,
configure maximum to 1 and violation restrict.

17

00:02:06,203  -->  00:02:12,236
Okay now we have done configuring port security
on fa0/5.

18

00:02:12,740  -->  00:02:18,870
Let’s check it, do show port-security interface
fa0/5.

19

00:02:20,120  -->  00:02:28,370
Here we can see port security is enable, violation
restrict, and sticky mac address is still 0.

20

00:02:29,065  -->  00:02:32,801
This is means that server 4 is not registered
yet.

21

00:02:33,500  -->  00:02:40,148
Let’s send a packet from server 4, but before
that, we need to configure an ip address on

22

00:02:40,148  -->  00:02:41,493
server 4 first.

23

00:02:42,398  -->  00:02:51,899
Let’s say the ip address is 192.168.1.6,
now let’s try to send packet from server 4

24

00:02:51,899  -->  00:02:53,371
to server 1.

25

00:02:54,357  -->  00:02:59,404
Success, server 4 to server 3, also success.

26

00:03:00,310  -->  00:03:08,243
Now let’s test the port security, unplug
the cable from server 4 and plug the cable

27

00:03:08,243  -->  00:03:09,704
to the hacker.

28

00:03:09,968  -->  00:03:16,485
The light is still orange, click fast forward
time, okay here already green.

29

00:03:17,173  -->  00:03:25,147
Let’s test send a packet from hacker to
server 3, the result is failed, test again,

30

00:03:26,088  -->  00:03:27,077
still failed.

31

00:03:27,822  -->  00:03:36,947
Let’s test from hacker to server 1, failed,
test again, still failed.

32

00:03:38,334  -->  00:03:43,244
Okay, now pc hacker can not send any packet
to anywhere.

33

00:03:44,241  -->  00:03:52,558
But here the light is still green, this is
means that fa0/5 is not shutdown.

34

00:03:53,807  -->  00:04:01,058
So remember that restrict is same as protect,
the interface will not shutdown but the packet

35

00:04:01,058  -->  00:04:02,328
will be blocked.

36

00:04:03,187  -->  00:04:11,536
Now let’s check port security interface,
do show port-security interface fa0/5.

37

00:04:12,694  -->  00:04:19,014
Here we can see that security violation count
will increase based on how many time pc hacker

38

00:04:19,014  -->  00:04:20,553
send a packet.

39

00:04:21,585  -->  00:04:28,072
Now the security violation count is 4, let’s
try to send packet again from pc hacker,

40

00:04:32,940  -->  00:04:45,052
Back to the switch, do show port security
interface fa0/5, here we can see that now

41

00:04:45,052  -->  00:04:47,665
security violation count is 5.

42

00:04:48,880  -->  00:04:55,128
So remember that security violation count
will increase based on how many time pc hacker

43

00:04:55,128  -->  00:04:56,619
send a packet.

44

00:04:58,339  -->  00:05:01,013
Okay I think enough for this video.

45

00:05:01,288  -->  00:05:04,799
Thankyou for watching and see you on the next
video