Blog

Configure Switch Port Security with Dynamic Port

Objective:
To configure switch port security with dynamic port settings to ensure network integrity by limiting the number of MAC addresses allowed on a switch port.

Topology Overview:

Type of  Switch Port Security

1. Switch Port Security with Dynamic Port
2. Switch Port Security with Manual Static MAC Address
3. Switch Port Security with MAC Address Sticky
4. Switch Port Security with Violation (Shutdown, Restrict, Protect)

Production Infrastructure:

Devices: PC1, PC2, and other PCs
Connection: All devices are connected to switch S1 via port Fa0/1.
Goal: Ensure only one MAC address is connected to port Fa0/1 at any given time. The specific MAC address is not predetermined.

Configuration Steps:

To configure switch port security on switch S1, follow these steps:

1. Enter Global Configuration Mode:

   Switch>enable
   Switch#configure terminal

2. Set Hostname for the Switch:

   Switch(config)#hostname S1

3. Configure the Interface:

   S1(config)#interface fastEthernet 0/1

4. Set the Port Mode to Access:

   S1(config-if)#switchport mode access

5. Enable Port Security:

   S1(config-if)#switchport port-security

6. Exit Configuration Mode and Save Settings:

   S1(config-if)#exit
   S1(config)#do write

Threat Infrastructure:

Scenario: An unauthorized switch (S2) is connected to S1 via port Fa0/1.
Outcome: Port Fa0/1 on S1 will shut down upon detecting a violation, preventing devices such as BYOD and those controlled by threat actors from connecting through S1.

Consideration:

If an attacker replaces PC1 with a malicious device in the production infrastructure, the attacker’s device will be able to connect through S1 due to the dynamic nature of the MAC address learning. Additional security measures may be needed to prevent such scenarios.

Conclusion:

By configuring switch port security with dynamic port settings, you can effectively limit the number of devices that can connect to a specific switch port, enhancing network security. However, it is crucial to continuously monitor and update the network security policies to address evolving threats.