1
00:00:00,200 --> 00:00:05,180
SNMP security is another important point of network device security.

2
00:00:05,330 --> 00:00:12,020
First of all, you should check whether access to devices has been restricted by access control lists.

3
00:00:13,460 --> 00:00:19,880
As mentioned before, SNMP has three versions. In version one and two,

4
00:00:21,240 --> 00:00:27,570
packets are transmitted as clear text, so the traffic between the client and the server is visible

5
00:00:27,570 --> 00:00:33,360
for the third parties who listen to the network traffic and learn the SNMP community name.

6
00:00:34,490 --> 00:00:38,480
In addition, there's just no authorization mechanism.

7
00:00:40,080 --> 00:00:45,930
SNMP v3 was developed due to the weaknesses identified in the first two versions.

8
00:00:46,470 --> 00:00:53,520
It has encryption and authorization features, but it does not have a mechanism to secure the community

9
00:00:53,550 --> 00:00:54,120
name.

10
00:00:56,080 --> 00:01:01,390
Port security is a feature that can help secure access to the physical network.

11
00:01:02,080 --> 00:01:06,880
We've been using the Cisco switch and router throughout the course, so I'm going to explain the port

12
00:01:06,880 --> 00:01:08,950
security on Cisco devices.

13
00:01:10,220 --> 00:01:11,000
Cisco

14
00:01:11,030 --> 00:01:15,500
IOS is the operating system of Cisco routers and network switches.

15
00:01:16,890 --> 00:01:23,880
And it has the port security feature which can be used to restrict the MAC address of the devices that

16
00:01:23,880 --> 00:01:27,030
connect to each of the physical switch ports.

17
00:01:28,330 --> 00:01:31,030
Cisco port security can help to:

18
00:01:31,950 --> 00:01:36,900
Restrict the MAC address or addresses that can connect through a switch port.

19
00:01:38,920 --> 00:01:43,270
Restrict the number of MAC addresses that can connect through a switch port.

20
00:01:44,240 --> 00:01:47,900
Set aging of the MAC addresses registered.

21
00:01:48,980 --> 00:01:53,930
It can also set the action to take when there is a violation detected.

22
00:01:55,770 --> 00:01:59,910
So there are three action modes in case of a violation.

23
00:02:01,620 --> 00:02:08,820
Protect drops packets with unknown source addresses until you remove a sufficient number of secure MAC

24
00:02:08,820 --> 00:02:11,490
addresses to drop below the maximum value.

25
00:02:12,420 --> 00:02:19,920
Restrict drops packets with unknown source addresses until you remove a sufficient number of secure

26
00:02:19,920 --> 00:02:26,910
MAC addresses to drop below the maximum value, and it causes a security violation counter to increment.

27
00:02:28,150 --> 00:02:36,700
Shutdown puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

28
00:02:37,230 --> 00:02:39,570
This is the default action.

29
00:02:41,780 --> 00:02:46,700
So here I'll put up some port security usage examples.

30
00:02:47,800 --> 00:02:53,380
The first three lines are to be able to start using port security function. To begin with,

31
00:02:53,470 --> 00:03:02,320
enter the configure terminal and the interface you want to configure and then set the port mode as access.

32
00:03:03,070 --> 00:03:10,570
The default port mode is dynamic desirable, and you cannot configure a port in dynamic desirable.

33
00:03:12,180 --> 00:03:19,170
If you use port security without any parameter, it enables the port security on the switch port with

34
00:03:19,170 --> 00:03:21,840
the defaults, and the defaults are:

35
00:03:22,940 --> 00:03:24,980
One MAC address allowed.

36
00:03:26,340 --> 00:03:29,670
First connected MAC address is set statically.

37
00:03:30,320 --> 00:03:33,680
And disable port if there is a violation.

38
00:03:34,720 --> 00:03:41,380
So if you use the function with MAC address parameter, only the server with a specified MAC address

39
00:03:41,380 --> 00:03:42,250
is allowed.

40
00:03:42,990 --> 00:03:49,500
Max parameter is used to set the maximum number of MAC addresses allowed on the secure port.

41
00:03:50,010 --> 00:03:58,380
If you don't set the max value, the default number is 128, and you can identify how long the port

42
00:03:58,380 --> 00:04:02,730
security rules will be active using the aging time parameter.

43
00:04:03,530 --> 00:04:06,680
And the value, as always, is in minutes.

44
00:04:07,290 --> 00:04:12,180
So, listen, I want to thank you for choosing us, and I hope to see you in another course.

45
00:04:12,330 --> 00:04:13,980
You might just learn something.

46
00:04:14,220 --> 00:04:15,240
See you next time.