Packet Tracer and Port Security

zobo88zobo88 Member Posts: 60 ■■□□□□□□□□
Is simulation of the switch port security function supported in Packet Tracer?

I have tried and it seems that nothing is happening.

Comments

  • billyrbillyr Member Posts: 186
    Yes I believe it is.

    e.g.

    #int f0/1
    #switchport mode access
    #switchport port-security
    #switchport port-security max 1
    #switchport port-security mac sticky
    #switchport port-security violation shutdown
  • billyrbillyr Member Posts: 186
    Just had a quick check for you, definitely supported:

    Switch(config-if)#int f0/1
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port-security
    Switch(config-if)#switchport port-security ?
    mac-address Secure mac address
    maximum Max secure addresses
    violation Security violation mode
    <cr>
  • waymorrwaymorr Member Posts: 29 ■□□□□□□□□□
    Depends on which version you are using: version 4 doesn't, but Packet Tracer 5 does.
  • zobo88zobo88 Member Posts: 60 ■■□□□□□□□□
    Thanks
    I do understand that the commands are there, but does it actually shut down the port in case of a violation?

    Please see below. I defined port security on a port and then connected a PC end device (with a different MAC) to that port; the PC's MAC appeared in the MAC table but it did not shut down the port?
    Switch#
    
        
    Switch#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    Switch(config)#int f0/1
    Switch(config-if)#
    
    Switch(config-if)#switchport mode access 
    Switch(config-if)#switchport port-security 
    Switch(config-if)#switchport port-security max 1
    Switch(config-if)#switchport port-security mac 0001.C902.2CC7
    Switch(config-if)#
    Switch(config-if)#exit
    Switch(config)#
    Switch(config)#exit
    %SYS-5-CONFIG_I: Configured from console by console
    Switch#
    Switch#
    Switch#show port-security interface fastEthernet 0/1
    Port Security              : Enabled
    Port Status                : Secure-down
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 1
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0
    
    Switch#
    %LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
    %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
    Switch#
    Switch#
    Switch#show port-security interface fastEthernet 0/1
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 1
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0
    
    Switch#show mac
    Switch#show mac-address-table 
              Mac Address Table
    -------------------------------------------
    
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    
       1    0001.c902.2cc7    STATIC      Fa0/1
    Switch#
    Switch#
    Switch#
    Switch#
    Switch#show mac-address-table 
              Mac Address Table
    -------------------------------------------
    
    Vlan    Mac Address       Type        Ports
    ----    -----------       --------    -----
    
       1    0001.c902.2cc7    STATIC      Fa0/1
    Switch#show port-security interface fastEthernet 0/1
    Port Security              : Enabled
    Port Status                : Secure-up
    Violation Mode             : Shutdown
    Aging Time                 : 0 mins
    Aging Type                 : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses      : 1
    Total MAC Addresses        : 1
    Configured MAC Addresses   : 1
    Sticky MAC Addresses       : 0
    Last Source Address:Vlan   : 0000.0000.0000:0
    Security Violation Count   : 0
    
  • jjbrogjjbrog Member Posts: 149
    In one of our PT assignments at school it didn't work for us either, so instead of another PC we used another switch and that triggered it.
    Started a forum for networking students, it's new and needs people!
    http://netadminstudents.zxq.net/phpBB3/
    HTC students encouraged to join :)
  • zobo88zobo88 Member Posts: 60 ■■□□□□□□□□
    Neither does PT support commands like show interfaces status and show port-security (without any arguments).
  • sachindivakarsachindivakar Registered Users Posts: 3 ■□□□□□□□□□
    Switch(config)#int fa 0/2
    Switch(config-if)#switch
    Switch(config-if)#switchport port
    Switch(config-if)#switchport mode ac
    Switch(config-if)#switchport mode access
    Switch(config-if)#switchport port
    Switch(config-if)#switchport port-security maxiu
    Switch(config-if)#switchport port-security maxi
    Switch(config-if)#switchport port-security maximum 1
    Switch(config-if)#switchport port-security viol
    Switch(config-if)#switchport port-security violation sh
    Switch(config-if)#^Z
    Switch#
    %SYS-5-CONFIG_I: Configured from console by console

    Switch#sh por
    Switch#sh port-security interfa
    Switch#sh port-security interface f 0/2
    Port Security : Disabled
    Port Status : Secure-down
    Violation Mode : Shutdown
    Aging Time : 0 mins
    Aging Type : Absolute
    SecureStatic Address Aging : Disabled
    Maximum MAC Addresses : 1
    Total MAC Addresses : 0
    Configured MAC Addresses : 0
    Sticky MAC Addresses : 0
    Last Source Address:Vlan : 0000.0000.0000:0
    Security Violation Count : 0
    I am having similar problems with access lists also.
  • 518518 Member Posts: 165 ■■■□□□□□□□
    I'm using PT 5.3.2 and it works. Once you have connected the new device, you need to generate traffic for it to trigger a port security violation. At least in my experience, it won't just shut down the port just because I connected another device. As soon as I sent a ping, the port was shut down.

    EDIT:

    Forgot one last thing, you need to type "switchport port-security" to actually enable port security. I just tested it on PT 5.3.2.
  • sachindivakarsachindivakar Registered Users Posts: 3 ■□□□□□□□□□
    Thanks, though I am still not clear where to type "switchport port-security"
  • sachindivakarsachindivakar Registered Users Posts: 3 ■□□□□□□□□□
    Thanks dude, I got it now.

    Thanks 518.
    Thanks a lot. I have some problems with access lists too, can you help me with that too
    ???
  • ciscoman2012ciscoman2012 Member Posts: 313
    Thanks, though I am still not clear where to type "switchport port-security"

    You want to type this on the interface that you want to enable switchport security for. This command enables the security feature.
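
The two causes reported in this thread (port security never enabled on the interface, and no traffic sent from the new device) can both be read from `show port-security interface` output. The following is an added example, not part of any post above: it parses that output and names the likely cause. The verdict names are hypothetical, the sample outputs are constructed in the format of the sessions posted above, and it assumes that `Secure-shutdown` is the status shown after a violation and that an all-zero last source address means no frame has been recorded yet.

```python
import re

NO_SOURCE = "0000.0000.0000"  # read here as "no frame recorded yet" (assumption)

# Constructed, abridged samples in the format of the sessions quoted above.
DISABLED = """Port Security : Disabled
Port Status : Secure-down
Violation Mode : Shutdown
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0"""
IDLE = """Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0"""
TRIPPED = """Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Last Source Address:Vlan   : 00aa.bbcc.dd01:1
Security Violation Count   : 1"""

ADVICE = {
    "not-enabled": "limits are set but the bare 'switchport port-security' was never entered",
    "no-traffic-seen": "enabled, but no source MAC recorded; the host has not sent a frame yet",
    "violation-shutdown": "a violation was counted and the port was shut down",
    "enforcing": "enabled and traffic seen from a permitted address",
}

def parse(text):
    """Return {field: value} from 'show port-security interface' output."""
    fields = {}
    for line in text.splitlines():
        # Separator is ' : ' with spaces, so 'Address:Vlan' stays in the key
        m = re.match(r"^(.*?)\s+:\s+(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def diagnose(text):
    f = parse(text)
    if f.get("Port Security") != "Enabled":
        return "not-enabled"
    if f.get("Port Status") == "Secure-shutdown":
        return "violation-shutdown"
    last_mac = f.get("Last Source Address:Vlan", "").rsplit(":", 1)[0]
    if last_mac == NO_SOURCE and f.get("Security Violation Count") == "0":
        return "no-traffic-seen"
    return "enforcing"

if __name__ == "__main__":
    for name, sample in (("DISABLED", DISABLED), ("IDLE", IDLE), ("TRIPPED", TRIPPED)):
        verdict = diagnose(sample)
        print(f"{name}: {verdict} - {ADVICE[verdict]}")
```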