How to configure port security on Cisco switches

944 views

cisco

Overview

In some environments, a network must be secured by controlling what stations can gain access to the network itself. Port security is a feature used on Cisco Catalyst switches which limits the MAC addresses allowed to appear on a specific port. In most cases network administrators use this to secure access to the physical network.

Using this feature only predefined static MAC addresses or limited number of dynamic MAC addresses can access the network. Suppose a user tries to connect to a port which has port security enabled and his MAC address does not appear on the list of allowed MAC addresses. In this case the port will be shut down or the packets arriving on that port will be dropped with a specific action. To resolve this issue the port must be re-enabled manually by the network administrator or automatically after a period of time if the errdisable cause is configured for automatic recovery (by default after 300 seconds).

Continue reading…

Configuring SSH on Cisco routers and switches

1,548 views

cisco

Overview

Older IOS images on Cisco devices used telnet as default login method for the vty lines. Nowadays using telnet is not safe because all traffic including usernames and passwords is transmitted in clear text. This way anybody using a protocol analyzer can gain access to the data. Lately telnet access method has been replaced by SSH which offers increased security by encrypting all traffic between source and destination. SSH protocol comes in two versions SSH1 and SSH2. Communication between the client and server is encrypted in both versions. You should implement SSH version 2 when possible because it uses a more enhanced security encryption algorithm. SSH1 became available in Cisco’s IOS, starting with release 12.1(1)T. In order to use SSH2 you need a IOS version 12.3(4)T or newer.

Continue reading…