Networking - Tech Like This (https://techlikethis.com)

Top Technology Inventions or Innovations of 2022 for 5G Networks
Tue, 01 Aug 2023

Here are some of the top technology inventions and innovations related to 5G networks in 2022:

• Wider rollout and commercialization of 5G networks and connectivity continued, especially in major cities and densely populated areas. More smartphone and device models with 5G support also became available.

• Network operators began launching standalone 5G networks that do not rely on 4G infrastructure. Standalone 5G offers lower latency and paves the way for future technologies like network slicing.

• Mid-band 5G spectrum auctions took place in several countries, providing more capacity for 5G services beyond just millimeter wave bands. Mid-band 5G offers a better balance of coverage and speeds.

• Private 5G networks designed for specific use cases and industries began launching for early adopters. These private networks promise benefits like higher reliability, security and customization.

• Multicast services that enable one-to-many content streaming over 5G were trialled by some carriers. This could improve the efficiency of streaming video and other data to large numbers of users.

• Massive MIMO and 3D beamforming technologies continued to evolve for directing millimeter wave 5G signals more precisely. This helps improve coverage and throughput of 5G networks.

• New 5G use cases and applications were commercialized in areas like augmented/virtual reality, automated driving, telemedicine, smart cities and Industry 4.0. However, wider adoption will take more time.

The key innovations for 5G in 2022 centered around the expansion of 5G coverage through mid-band spectrum, the deployment of standalone 5G networks, the launch of private 5G networks, and the continuing evolution of enabling technologies like Massive MIMO. However, fully realizing the promised benefits of 5G for consumers and industries remains a work in progress.

Six Things That Slow Down Wi-Fi and What You Can Do To Fix Them
Sun, 02 Oct 2022

Slow Wi-Fi speeds can be a problem due to the extent to which people rely on it for work and entertainment. These are the most common reasons for Wi-Fi problems and how to fix them.

Assess Your General Network First

Before we dive into the common reasons your Wi-Fi performance is less than expected, let’s get a few things out of the way so you can better troubleshoot your Wi-Fi speed issues.

First, don’t rely on a smartphone (or a laptop using Wi-Fi) for your speed test. A smartphone can’t be used to speed test your internet connection.

Before you blame Wi-Fi for your troubles, make sure that your connection is running at optimum speed. This will help to identify any other issues such as a slow internet modem or ISP.

Second, Wi-Fi speeds are deceptive. The speeds your Wi-Fi hardware claims in its advertising and labeling are not the same as what it can deliver under real-world conditions.

Even with a fiber connection that meets or exceeds the advertised speeds of your Wi-Fi router, you won’t get the advertised speed to your phone or laptop.

Instead of approaching your Wi-Fi problem from the standpoint of “Am I getting the full capacity of my internet connection to every device?” which is not how Wi-Fi works, approach it instead from the standpoint of “Am I getting expected performance based on my internet connection and the hardware I have?” and “Has my Wi-Fi experience recently degraded in quality?”

You can’t make a 5Mbps DSL connection faster with cutting-edge Wi-Fi hardware, and even with cutting-edge Wi-Fi hardware and a fiber connection, you’re not going to exceed the inherent limits of the Wi-Fi standard.

However, there are things you can do if you don’t get the desired performance.

Old Wi-Fi routers can impact performance

Everybody hates spending money, and it’s frustrating to replace functional, albeit underperforming, hardware. The reality is that Wi-Fi hardware has improved steadily over time.

If you’re still using an old router you picked up at Best Buy ten years ago or the lackluster Wi-Fi router built into the router/cable modem combo unit your ISP gave you, you’re not going to have a great time. Further, while some of the tips below might help you if you have an old Wi-Fi router, there’s really no replacement for biting the bullet and buying a new router.

Especially for folks with otherwise new hardware—newer smartphones, a new smart TV, etc.—it makes sense to upgrade as pairing newer devices with old hardware is hobbling their performance.

Signal strength is weakened by poor router placement

The only thing worse than having an old Wi-Fi router is parking your Wi-Fi router in a terrible location, and if you have both an old and poorly placed router, you’re going to have a really bad time.

If you need bright task lighting in your living room, you don’t put your high-power LED work light down in the corner of the basement.

And by that same measure, if you want really strong Wi-Fi where you actually use your Wi-Fi devices—like your living room and bedroom—you don’t put the Wi-Fi router down in the basement with the washing machine.

You can easily move your Wi-Fi router. You just need to ensure that the router is placed where it will be most useful to you day to day.

Too many devices slow down hardware that is underpowered

One of the biggest advantages of newer Wi-Fi hardware isn’t just the improved speeds that come with each new Wi-Fi generation but an overall increase in power and the number of devices the Wi-Fi router can handle.

Even if you’re not chasing performance benchmarks to show off your new 2Gbps fiber line, you’ll benefit from a newer Wi-Fi router if you have a plethora of devices in your home.

We want to emphasize that it’s the number of devices and not the number of users that you want to focus on. Increasingly, devices have a fairly high bandwidth overhead even when they aren’t in use, and they place demands on your network you might not expect.

Cloud-based security cameras use a lot of bandwidth, as do a variety of other smart home devices—you’d be surprised how many bandwidth vampires there are around your home. Many people think that heavy bandwidth consumption is a sign of a problem. However, many devices that are using bandwidth will also be using Wi-Fi.

Add up all the computers, tablets, smartphones, consoles, streaming devices, smart TVs, smart home accessories, and more found in a modern home, and you’re looking at a list that easily brushes up to or exceeds the capacity of older routers.

While we’re talking about too many devices on your Wi-Fi network, we’d encourage you to think about taking devices off your Wi-Fi network. No, we don’t mean living a life with an Xbox or smart TV fully disconnected from the internet; we mean switching any devices you can over to Ethernet to free up space for the devices that stay on Wi-Fi.

Older cables and hardware reduce speed

This one is really easy to overlook if you’re not much of a networking nerd. While the Wi-Fi router itself and the Wi-Fi capabilities of the endpoint devices like your smartphone or smart TV are a huge part of the Wi-Fi performance puzzle, you don’t want to neglect the simple physical bits that tie your network together.

If you have outdated Cat5 cables or an outdated 10/100 network switch mixed in with your network hardware you’re unwittingly hobbling your network speeds.

People with sub-100Mbps broadband may not notice an old switch affecting their performance. But if you have faster broadband than that, old cables and hardware could be slowing you down.

You can avoid this by making sure that the cables connecting the different components of your network are at least Cat5e or, better, Cat6. And if you’re using network switches, upgrade them from 10/100 switches to gigabit switches. Unmanaged gigabit switches and Cat6 patch cables are extremely cheap these days.

Channel Congestion Dings Wi-Fi Performance

Wi-Fi channel congestion is caused by multiple Wi-Fi devices using the same frequency (or channel) in the same area.

It can adversely affect your network if another person has a Wi-Fi router on the same channel as yours and is close enough that their router broadcasts directly into your living area.

It is more common on the 2.4GHz band than on 5GHz, but you need to be aware of it either way if you live in an apartment building or a densely populated neighborhood. You’ll need to identify which channels are the most congested and refer to the documentation for your particular router to change to less congested channels.

Wi-Fi extenders increase reach but decrease speed

If you’ve struggled with Wi-Fi issues like slow speeds or lackluster coverage, there’s a good chance you’ve considered using a Wi-Fi extender and possibly have one in your home right now.

Wi-Fi extenders are popular, but they have an unfortunate reputation for poor network performance.

If properly used, they will increase your network’s reach, but they also can cause congestion and latency in the network, as well as reduced speed.

Temporarily unplug your Wi-Fi extender to rule it out as a cause of your Wi-Fi problems. With the extender disabled, check the performance of your Wi-Fi network using devices connected directly to the router. If performance improves, that may indicate a problem, or possibly two, with your network.

First, your Wi-Fi extender may be poorly configured and deployed. Second, the extender’s additional coverage and the added devices you have connected to your network may be more than the main router can handle.

In that case, it’s probably a good idea to just abandon the router + extender configuration and replace it with a more robust mesh network. You can upgrade to a mesh network by simultaneously updating your router and mating it to wireless extenders that are supercharged.

7 OSI Networking Layers – Explained in Detail
Tue, 27 Sep 2022

The Open Systems Interconnection (OSI) model, also known as the OSI networking model, is a framework for communication between computer systems. The standard identifies seven fundamental networking layers, from high-level software programs down to physical hardware.

Each layer handles a different networking function. Administrators can use the standard to help them visualize networks, identify problems and decide which new technologies apply to them. Many network equipment companies advertise which OSI layer their products work at.

OSI became an internationally recognized standard in 1984. Even with the many changes made to network implementations since publication, it is still pertinent today. This model supports cloud, edge and IoT connectivity.

This article will cover each OSI level in detail. Start at the bottom with Layer 1.

 

1. Physical Layer

Physical equipment is the foundation of every network. This layer houses the hardware needed to communicate, such as switches, cables and routers. Data is sent as a stream of binary digits (0 or 1) that the hardware prepares for transmission. This layer describes the signals used to encode data on the wire. For example, a 5 volt pulse would indicate a binary 1.

If the physical layer contains errors, data cannot be transmitted. A connection could be cut off by a missing or incorrect power supply. Problems can arise when two components have different ways of encoding data values. Wireless connections could be affected by a weak signal.

 

2. Data Link Layer

The second layer in the model handles communication between devices that are connected to the same network. It establishes an interface that permits data exchange via a protocol. Many network switches operate at Layer 2.

The data link layer eventually passes bits to the physical layer; it sits just above the hardware. It can correct physical transfer problems by performing basic error detection and correction. Its responsibilities are split between two sublayers: Logical Link Control (LLC), which handles frame synchronization and error detection, and Media Access Control (MAC), which uses MAC addresses to restrict which devices are granted permission to transmit data.

 

3. Network Layer

The network layer makes data transfer possible between networks. It is redundant in situations where all the devices are connected to the same network.

The network layer receives data from the other layers. This data is divided into packets, which are then transmitted. On the remote network the packets are received and reassembled into usable data.

The network layer is where many important protocols first appear. These include IP and ICMP, along with routing and path determination. Together they make it easy to communicate with other networks. Operations at this level are not guaranteed, however: messages may fail, and they may not be retried.

 

4. Transport Layer

The transport layer coordinates data transfer between devices. It is up to the transport layer to decide where and when data should go.

UDP and TCP live at Layer 4. This layer provides port numbers, which let a device expose multiple communication channels. Load balancing is also found at Layer 4, allowing traffic to be routed between ports on the target device.

Transport mechanisms are expected to ensure that communication succeeds. Strict error controls recover lost packets and retry failed transfers. Flow control makes sure the sender does not overload the remote device by sending data faster than the available bandwidth permits.

 

5. Session Layer

Layer 5 maintains ongoing communication between two devices. Sessions are used to open new connections and to negotiate how long they last. After the exchange of data has ended, the connection can be gracefully terminated. The layer makes sure that sessions remain open long enough for data transmission.

Layer 5 is also responsible for checkpoint control. Sessions can create checkpoints to support progress updates and resumable transmissions. In a file upload, checkpoints are created every few megabytes, which lets the sender resume from the same point if the connection is lost.

Many important protocols are found in Layer 5, including logon and authentication technologies such as LDAP or NetBIOS. These protocols create semi-permanent communication links to control an end-user session for a specific device.

 

6. Presentation Layer

This layer prepares data for the next layer. After data has come up from the hardware, through the data link and across the transport, it is almost ready to be used by high-level components. The presentation layer completes the process by performing any formatting that is needed.

This level houses three operations: decryption, decoding and decompression. The presentation layer converts received data into formats usable by client applications. It also converts outbound information into compressed and encrypted formats suitable for network transmission.

TLS is one key technology at the presentation layer. Encryption of data and verification of certificates are handled before requests reach the network client, so you can consume the information with confidence that it is genuine.

 

7. Application Layer

The application layer is the top layer in the stack. It represents functionality as it is perceived by network users. Applications in the OSI model provide an interface for complete data transfers without having to worry about hardware, data links, sessions or compression.

This layer doesn’t relate to client-side software such as email clients or web browsers. An application, in OSI terminology, is any protocol that permits complex data to flow through layers 1 through 6.

The protocols found at this layer include HTTP, FTP, DNS and others. These high-level mechanisms permit data transfers directly between an origin device (or server) and a remote one. These layers are simple to comprehend.

 

OSI Networking layers Summary

These OSI layers describe how data can be transferred across computer networks. You can identify the source of the problem by understanding the roles and responsibilities for each level. This will allow you to determine which components are most appropriate.

OSI is an abstract model that doesn’t necessarily correspond to specific network implementations. TCP/IP is a simpler system that uses only four layers: Network Access, Internet, Transport (the TCP and UDP protocols) and Application. These abstractions absorb the equivalent OSI levels: the Application layer spans OSI L5 to L7, while L1 and L2 are combined in TCP/IP’s concept of Network Access.

OSI is still relevant even though it does not map directly onto real-world implementations. It is so well known that administrators from all backgrounds use it. Because of its high level of abstraction, it remains relevant despite the many new networking paradigms being adopted. Knowing the seven layers and their responsibilities can help you understand how data flows through a network and find integration opportunities.

How to configure Layer3 EtherChannels
Sun, 25 Sep 2022

Step by Step Guide for Layer3 EtherChannels Configuration

Step 1

Configure the physical interfaces as follows, in interface configuration mode:

A. Add the channel-group number mode on command to add the interface to the channel. Use the same number for all physical interfaces on the same switch. The number used (the channel-group number) can differ on the two neighboring switches.

B. Use no switchport command to make each physical port a routed port.

Step 2

Configure the PortChannel interface:

A. Use the interface port-channel number command to move to port-channel configuration mode for the same channel number configured on the physical interfaces.

B. Add the no switchport command to make sure that the port-channel interface acts as a routed port. (IOS may have already added this command.)

C. Use the ip address address mask command to configure the address and mask.

 

SVIs make sense at access switches. For routed point-to-point links between interconnected Layer 3 distribution and core switches and routers, it might make sense to use bundled EtherChannels.

Even though the physical interfaces and the PortChannel interface are all routed ports, only place an IP address on the PortChannel interface, not on the physical interfaces.

As soon as you use the no switchport command on the physical interfaces, IOS adds the no ip address command to each physical interface by default. From there, just add an IP address to the PortChannel interface.
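The two steps above, as an added example that is not part of the original article: a constructed IOS configuration for one side of a two-link Layer 3 EtherChannel, and a small Python check of the rules the steps state. The interface names, channel number 12, the 10.1.12.0/24 addressing and the function names are assumptions made for illustration.

```python
import re

# Constructed sample (not from the article): one switch's side of a two-link
# Layer 3 EtherChannel. Interface names, channel number 12 and the addressing
# are assumptions.
GOOD_CONFIG = """\
interface GigabitEthernet1/0/13
 no switchport
 no ip address
 channel-group 12 mode on
!
interface GigabitEthernet1/0/14
 no switchport
 no ip address
 channel-group 12 mode on
!
interface Port-channel12
 no switchport
 ip address 10.1.12.1 255.255.255.0
!
"""

# Constructed counter-example: address on a member port, a member still in
# switchport mode, and no address on the PortChannel interface.
BAD_CONFIG = """\
interface GigabitEthernet1/0/13
 no switchport
 ip address 10.1.12.1 255.255.255.0
 channel-group 12 mode on
!
interface GigabitEthernet1/0/14
 channel-group 12 mode on
!
interface Port-channel12
 no switchport
!
"""


def parse_interfaces(config):
    """Return {interface name: [subcommand, ...]} from IOS config text."""
    interfaces, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = line.split(None, 1)[1].strip()
            interfaces[current] = []
        elif line.startswith(" ") and current is not None:
            interfaces[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the interface block
    return interfaces


def audit_l3_etherchannel(config):
    """Check each channel-group against Step 1 and Step 2; return findings."""
    interfaces = parse_interfaces(config)
    members = {}  # channel-group number -> physical interfaces using it
    for name, cmds in interfaces.items():
        for cmd in cmds:
            match = re.fullmatch(r"channel-group (\d+) mode \S+", cmd)
            if match:
                members.setdefault(match.group(1), []).append(name)

    findings = []
    for number, ports in sorted(members.items()):
        for port in ports:
            cmds = interfaces[port]
            if "no switchport" not in cmds:
                findings.append(f"{port}: missing 'no switchport' (Step 1B)")
            # "no ip address" does not match; only a real address does.
            if any(c.startswith("ip address ") for c in cmds):
                findings.append(
                    f"{port}: has an IP address; it belongs on Port-channel{number} only")
        po = interfaces.get(f"Port-channel{number}")
        if po is None:
            findings.append(f"Port-channel{number}: interface not configured (Step 2A)")
            continue
        if "no switchport" not in po:
            findings.append(f"Port-channel{number}: missing 'no switchport' (Step 2B)")
        if not any(re.fullmatch(r"ip address \S+ \S+", c) for c in po):
            findings.append(f"Port-channel{number}: no address and mask configured (Step 2C)")
    return findings


if __name__ == "__main__":
    for label, cfg in (("good", GOOD_CONFIG), ("bad", BAD_CONFIG)):
        print(label, audit_l3_etherchannel(cfg) or "OK")
```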

Learning about Cisco Port Security
Fri, 23 Sep 2022

Cisco Port Security

Port security is just another way network engineers can lock down their network by using the variety of switchport security settings offered on Cisco switching equipment. This article will discuss locking down ports on Cisco switches on a layer 2 level. ACLs focus on source/destination IP addresses on the layer 3 side, while switchport security settings allow you to control which layer 2 MAC addresses are allowed to connect to a certain switch port. Learning this is key to being a successful engineer and working your way up to a CCNA.

MAC Address Tables

As a quick reminder, the sh mac address-table command gives you a quick summary of each switch port and any MAC addresses associated with it. If two switches are connected together, you will see all the MAC addresses from the devices connected to the other switch under the single switch-to-switch connection. You will also see the MAC address of the switch port. Generally speaking, you will only see switch port MAC addresses when switches are connected together, not when an end device is connected to a switch port.

Switch Port Violation Summary

There are three violation modes (protect, restrict and shutdown) that can be enforced when configuring switch port security. The settings listed below are optional, as switch port security can be enabled with its default settings, as discussed in the section Enabling Port-Security.

1. You can override the default maximum number of allowed MAC addresses associated with an interface by using the switchport port-security maximum ${number} interface subcommand.

2. You can override the default action to take upon a security violation (shutdown) using the switchport port-security violation {protect | restrict | shutdown} interface subcommand.

3. Predefine any allowed source MAC addresses for this interface using the switchport port-security mac-address mac-address command. Use the command multiple times to define more than one MAC address.

4. You can tell the switch to “sticky learn” dynamically learned MAC addresses with the switchport port-security mac-address sticky interface subcommand.

Setting Switch Port to Access Mode

To configure switch port security, go to global configuration mode and then interface configuration mode to configure the switch port as an access port. You cannot configure a switch port as a trunk port and enforce switch port security settings on it. In the following example, I am going to configure Switch1 interface fa0/1 as an access port and I will enable switchport port-security on the interface without editing the default port security settings.

Switch1#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch1(config)#int fa0/1
Switch1(config-if)#switchport mode access 

Enabling Port-Security

Default Port-Security Settings

There are a variety of settings you can apply to port-security but for the first example, let’s go with the defaults. Let’s use the show port-security command on interface fa0/1 on Switch1 (priv exec mode) to see what the default settings are.

Switch1#show port-security int fa0/1
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0

The defaults for port security show that the default action taken upon a security violation is to disable the interface (shutdown) and that a maximum of 1 MAC address is allowed on the port. You cannot use this default configuration on a switch-to-switch connection obviously because a switch will have more MAC addresses than 1. Let’s enable the defaults on int fa0/1 and review the port security settings. Make sure to ping another PC to send a data frame through the switch so it can dynamically learn your MAC before verifying the switch port security settings like we do below. Remember that to actually enable port security, you need to run the switchport port-security command with no arguments. I usually run this command after I’ve configured all the interface security settings.

Switch#config t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch1(config)#int fa0/1
Switch1(config-if)#switchport port-security 
Switch1#sh port-security int fa0/1
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0001.96C2.1D89:1
Security Violation Count   : 0

 

Let’s now create a new PC and try to connect it to Fa0/1 of Switch1. Can you predict what should happen?

Switch1#
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

It doesn’t appear that the switch interface is in shutdown mode. Why is that? This is because the default specifies that only a single MAC address can be connected to the interface not multiple. The default setting doesn’t even specify WHICH mac address can only be connected, only that a single MAC can be connected at any given time. The interface would shut down if we connected a switch to that interface and another device since there would be 2 active MAC connections on that switch port (one MAC for the switch-to-switch connection and the MAC for the PC on the switch).

Interface Administratively Down

Switch1#
%LINK-3-UPDOWN: Interface FastEthernet0/1, changed state to down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

You can check the MAC address table after the shut down and only see a single MAC (of the network switch and not the PC).

Switch#sh mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0007.ec12.8601    DYNAMIC     Fa0/2

You can also see the interface port security information and see that the port is shut down.

Switch#sh port-security interface fa0/1
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0001.96C2.1D89:1
Security Violation Count   : 1

Let’s change the default port-security settings to expand the allowed number of MAC addresses on int fa0/1. Once you are done changing these settings, shut down the interface and then turn it back on to bring the interface up again.

Switch(config-if)#switchport port-security maximum 2
Switch(config-if)#shutdown

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
Switch(config-if)#no shutdown

Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

Let’s review the MAC address table now. It should show us both the switch2 MAC address and PC0.

Switch#sh mac address-table 
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    0001.96c2.1d89    STATIC      Fa0/1
   1    000a.f382.6ce8    DYNAMIC     Fa0/2
   1    00d0.973e.4001    STATIC      Fa0/1

Remember, we haven’t specified which MAC addresses should be allowed on the port. We have only configured the maximum number of MAC addresses allowed on the port. Let’s disable port security on that port, set the port security settings to dynamically learn 3 MAC addresses (using the sticky command), and then add another PC to the mix.

Switch(config-if)#no switchport port-security
Switch(config-if)#do sh port-security int fa0/1
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 2
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 00D0.973E.4001:1
Security Violation Count   : 0

Switch(config-if)#switchport port-security maximum 3
Switch(config-if)#switchport port-security ?
  aging        Port-security aging commands
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
Switch(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#do sh port-security int fa0/1
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 3
Total MAC Addresses        : 3
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 3
Last Source Address:Vlan   : 00D0.973E.4001:1
Security Violation Count   : 0

Switch(config-if)#switchport port-security 

Now we have allowed a max of 3 MAC addresses on Fa0/1 on Switch1. We have configured the switch to dynamically learn the 3 MAC addresses allowed to communicate on that port.

Restrict and Protect Modes

Instead of setting the violation mode to shutdown, we can use two other modes called restrict mode and protect mode. Protect mode simply discards offending traffic. It does not log SNMP messages, it doesn’t increment the violation counter on show port-security, and it doesn’t put the interface in an err-disabled state (only shutdown mode does this).

Restrict mode also discards offending traffic, but it logs violations. Restrict mode is good if you want visibility over what violations are taking place on an interface, and protect mode is for when you want to set it and forget it. Once you are in interface configuration mode you can set the violation subcommand as shown below:

Switch(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
  restrict  Security violation restrict mode
  shutdown  Security violation shutdown mode
Switch(config-if)#switchport port-security violation 
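
The show port-security interface outputs in this article can be checked mechanically. The following added example (not part of the original article) parses that output and flags the states walked through above: limits configured while port security is still Disabled, a Secure-shutdown port, a non-zero violation count, and protect mode's lack of visibility. The two sample texts are copied from the article's own captures; the function names are hypothetical.

```python
# Output shown in the article after the second device triggered a violation.
AFTER_VIOLATION = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0001.96C2.1D89:1
Security Violation Count   : 1
"""

# Output shown in the article after sticky learning was configured but before
# the bare 'switchport port-security' command was run again.
STICKY_NOT_ENABLED = """\
Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 3
Total MAC Addresses        : 3
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 3
Last Source Address:Vlan   : 00D0.973E.4001:1
Security Violation Count   : 0
"""


def parse_port_security(text):
    """Turn 'Key : Value' lines into a dict, splitting on the first ' : '."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields


def assess(fields):
    """Return a list of findings for one interface's port-security status."""
    findings = []
    enabled = fields.get("Port Security") == "Enabled"
    customised = (
        int(fields.get("Maximum MAC Addresses", 1)) != 1
        or int(fields.get("Configured MAC Addresses", 0)) > 0
        or int(fields.get("Sticky MAC Addresses", 0)) > 0
    )
    if not enabled and customised:
        findings.append(
            "Disabled: settings are configured but not enforced until "
            "'switchport port-security' is entered with no arguments")
    if fields.get("Port Status") == "Secure-shutdown":
        mac, _, vlan = fields.get("Last Source Address:Vlan", "").rpartition(":")
        findings.append(
            f"Secure-shutdown: last source {mac} on VLAN {vlan}; "
            "recover with shutdown / no shutdown once the cause is fixed")
    violations = int(fields.get("Security Violation Count", 0))
    if violations > 0:
        findings.append(f"{violations} security violation(s) counted")
    if enabled and fields.get("Violation Mode", "").lower() == "protect":
        findings.append(
            "Protect mode: offending traffic is dropped without logging or counting")
    return findings


if __name__ == "__main__":
    for name, text in (("after violation", AFTER_VIOLATION),
                       ("sticky, not enabled", STICKY_NOT_ENABLED)):
        print(name)
        for finding in assess(parse_port_security(text)):
            print("  -", finding)
```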
