Port Security on Cisco

Port security is a Cisco device feature that can be used to secure a port. The port can be filtered by MAC address so that only devices with specific MAC addresses can connect to it. In this post I will cover the port-security feature on Cisco devices.

Topology

IP address allocation:
PC1 = 192.168.1.1/24
PC2 = 192.168.1.2/24

First, run a ping test from PC1 to PC2.

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128
Reply from 192.168.1.2: bytes=32 time=0ms TTL=128

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms

Configuration on IDN-Switch

IDN-Switch(config-if)#int fa0/1
IDN-Switch(config-if)#switchport mode access
IDN-Switch(config-if)#switchport port-security 
IDN-Switch(config-if)#switchport port-security mac-address sticky
IDN-Switch(config-if)#switchport port-security violation shutdown

mac-address sticky means that the allowed MAC address is the one belonging to the device currently connected to the port.

Port security has 3 violation modes:

protect: drops the Ethernet frames
restrict: drops the Ethernet frames, and the event can be seen in the log
shutdown: the port is disabled

Check the resulting configuration

Switch(config-if)#do show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
            (Count)       (Count)     (Count)
--------------------------------------------------------------------
Fa0/1       1             0           0                 Shutdown
----------------------------------------------------------------------
Switch(config-if)#

Testing

Swap the connections so that PC1 is connected to switch port fa0/2 and PC2 to switch port fa0/1. Then test connectivity.

PC>ping 192.168.1.2

Pinging 192.168.1.2 with 32 bytes of data:

Request timed out.
Request timed out.
Request timed out.
Request timed out.

Ping statistics for 192.168.1.2:
Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),

And if we check, the interface is down.


Switch#show ip interface brief
Interface       IP-Address   OK?   Method   Status Protocol
FastEthernet0/1 unassigned   YES   manual   down   down
FastEthernet0/2 unassigned   YES   manual   up     up
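
The swap test above, replayed against all three violation modes as an added example: a simplified Python model of one secured access port, not code from the original post and not Cisco IOS itself. The SecurePort class, the swap_test function and the MAC addresses are assumptions made for illustration.

```python
# Simplified model of one access port with port security (not IOS code).
# MAC addresses below are constructed sample values.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    violation: str = "shutdown"      # "protect", "restrict" or "shutdown"
    maximum: int = 1                 # one secure MAC per port, as in the output above
    sticky: set = field(default_factory=set)   # sticky-learned addresses
    violations: int = 0              # SecurityViolation counter
    log: list = field(default_factory=list)    # what an admin could review
    up: bool = True

    def receive(self, src_mac: str) -> bool:
        """Return True if a frame from src_mac is forwarded."""
        if not self.up:
            return False             # a disabled port forwards nothing
        if src_mac in self.sticky:
            return True
        if len(self.sticky) < self.maximum:
            self.sticky.add(src_mac) # sticky learning of the connected device
            return True
        # Unknown source MAC and the table is full: apply the violation mode.
        if self.violation in ("restrict", "shutdown"):
            self.violations += 1
            self.log.append(f"violation by {src_mac}")
        if self.violation == "shutdown":
            self.up = False          # stays down until an admin re-enables it
        return False                 # the offending frame is dropped in every mode

def swap_test(mode: str):
    """Replay the test: PC1 is learned on the port, then PC2 is plugged in."""
    pc1, pc2 = "00:00:5e:00:53:01", "00:00:5e:00:53:02"  # constructed MACs
    port = SecurePort(violation=mode)
    port.receive(pc1)                # PC1 is learned and allowed
    port.receive(pc2)                # PC2 on the same port is a violation
    pc1_still_works = port.receive(pc1)   # plug PC1 back in
    return port, pc1_still_works

if __name__ == "__main__":
    for mode in ("protect", "restrict", "shutdown"):
        port, ok = swap_test(mode)
        print(f"{mode:9} up={port.up} violations={port.violations} "
              f"pc1_still_works={ok} log={port.log}")
```

Only shutdown leaves the port down after the original device is reconnected, which matches the show ip interface brief output above; protect drops the frames without leaving any counter or log entry to review.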

 

 
