1
00:00:00,090 --> 00:00:07,710
SNMP security is another important point of networked device security. First of all, you should check

2
00:00:07,710 --> 00:00:11,850
whether access to devices has been restricted by an access control list.

3
00:00:13,610 --> 00:00:19,700
As mentioned before, SNMP has three versions. In version one and two,

4
00:00:21,310 --> 00:00:27,670
packets are transmitted as clear text, so the traffic between the client and the server is visible

5
00:00:27,670 --> 00:00:33,220
to third parties who listen to the network traffic and learn the SNMP community name.

6
00:00:34,780 --> 00:00:38,350
In addition, there's just no authorization mechanism.

7
00:00:40,340 --> 00:00:45,680
SNMPv3 was developed due to the weaknesses identified in the first two versions.

8
00:00:46,760 --> 00:00:53,630
It has encryption and authorisation features, but it does not have a mechanism to secure the community

9
00:00:53,630 --> 00:00:53,930
name.

10
00:00:56,190 --> 00:01:03,090
Port security is a feature that can help secure access to the physical network. We've been using the

11
00:01:03,090 --> 00:01:05,310
Cisco switch and router throughout the course,

12
00:01:05,580 --> 00:01:08,790
so I'm going to explain the port security on Cisco devices.

13
00:01:10,470 --> 00:01:15,360
Cisco IOS is the operating system of Cisco routers and network switches,

14
00:01:17,030 --> 00:01:23,810
and it has the port security feature, which can be used to restrict the MAC address of the devices

15
00:01:23,810 --> 00:01:26,870
that connect to each of the physical switch ports.

16
00:01:28,590 --> 00:01:30,870
Cisco port security can help to:

17
00:01:32,020 --> 00:01:36,760
Restrict the MAC address or addresses that can connect through a switch port.

18
00:01:39,080 --> 00:01:43,130
Restrict the number of MAC addresses that can connect through a switch port.

19
00:01:44,530 --> 00:01:47,770
Set aging of the MAC addresses registered.

20
00:01:49,270 --> 00:01:53,770
It can also set the action to take when there is a violation detected.

21
00:01:56,050 --> 00:01:59,760
So there are three action modes in case of a violation.

22
00:02:01,780 --> 00:02:08,920
Protect drops packets with unknown source addresses until you remove a sufficient number of secure MAC

23
00:02:08,920 --> 00:02:11,350
addresses to drop below the maximum value.

24
00:02:12,710 --> 00:02:20,000
Restrict drops packets with unknown source addresses until you remove a sufficient number of secure

25
00:02:20,000 --> 00:02:26,750
MAC addresses to drop below the maximum value, and it causes a security violation counter to increment.

26
00:02:28,370 --> 00:02:36,560
Shutdown puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

27
00:02:37,460 --> 00:02:39,440
This is the default action.

28
00:02:42,000 --> 00:02:46,530
So here, I'll put up some port security usage examples.

29
00:02:47,960 --> 00:02:54,200
The first three lines are to be able to start using the port security function. To begin with, enter the

30
00:02:54,200 --> 00:03:02,150
configure terminal and the interface you want to configure, and then set the port mode as access.

31
00:03:03,380 --> 00:03:10,430
The default port mode is dynamic desirable, and you cannot configure port in dynamic desirable.

32
00:03:12,440 --> 00:03:19,280
If you use port security without any parameter, it enables the port security on the switch port with

33
00:03:19,280 --> 00:03:21,650
the defaults, and the defaults are:

34
00:03:23,160 --> 00:03:24,840
One MAC address allowed.

35
00:03:26,500 --> 00:03:29,500
First connected MAC address is set statically.

36
00:03:30,410 --> 00:03:33,530
And disabled port, if there is a violation.

37
00:03:34,960 --> 00:03:41,470
So if you use the function with MAC address parameter, only this server with a specified MAC address

38
00:03:41,470 --> 00:03:42,100
is allowed.

39
00:03:43,180 --> 00:03:50,590
Max parameter is used to set the maximum number of MAC addresses allowed on the secure port. If you

40
00:03:50,590 --> 00:03:54,400
don't set the max value, the default number is one hundred twenty eight.

41
00:03:55,030 --> 00:04:02,560
And you can identify how long will the port security rules be active using the aging time parameter.

42
00:04:03,680 --> 00:04:06,500
And the value, as always, is in minutes.

43
00:04:07,530 --> 00:04:11,970
So listen, I want to thank you for choosing us and I hope to see you in another course.

44
00:04:12,600 --> 00:04:13,740
You might just learn something.

45
00:04:14,460 --> 00:04:15,210
See you next time.