This project simulates real-world network security by implementing switch port security in a small office LAN. The goal is to prevent unauthorized devices from connecting to the network by enforcing MAC address restrictions on switch ports.
- Switch (2960) as the core network device
- PC0 and PC1: Authorized workstations connected to F0/1 and F0/2
- PC2: Unauthorized device (used to simulate intrusion)
Port | Mode | Max MACs | Violation Action | Sticky MACs |
---|---|---|---|---|
F0/1 | Access | 1 | Shutdown | Enabled |
F0/2 | Access | 1 | Shutdown | Enabled |
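```
interface fastethernet0/1
 ! Access port: a single end device, no trunking
 switchport mode access
 ! Enable port security, allow one MAC, err-disable the port on a violation
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
 ! Learn the first source MAC seen and store it in the running config
 switchport port-security mac-address sticky
```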
- PC0 and PC1 were connected and their MAC addresses were locked in via sticky learning.
- PC2 was connected to F0/1 (previously used by PC0).
- The switch immediately shut down the port because of the MAC address violation.
- The violation was confirmed using:

```
show port-security interface fastethernet0/1
```
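One way to turn that confirmation into a repeatable check, as an added example that is not part of the original project: the Python below parses the text of `show port-security interface` and compares it with the port table above. The sample output is constructed in the usual IOS field layout (with a made-up MAC address), and the function names are hypothetical.

```python
import re

# Expected values for F0/1 and F0/2, from the port table in this README.
# "Sticky MAC Addresses" is a count: 1 once the workstation has been learned.
POLICY = {
    "Port Security": "Enabled",
    "Violation Mode": "Shutdown",
    "Maximum MAC Addresses": "1",
    "Sticky MAC Addresses": "1",
}

# Constructed sample output (not captured from the project); the MAC is made up.
SAMPLE_OUTPUT = """\
Port Security              : Enabled
Port Status                : Secure-shutdown
Violation Mode             : Shutdown
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 00D0.BA12.34CD:1
Security Violation Count   : 1
"""

def parse_port_security(text):
    """Parse 'Field : value' lines; the separator needs spaces on both sides,
    so the colons inside 'Last Source Address:Vlan' and its value survive."""
    fields = {}
    for line in text.splitlines():
        m = re.match(r"^(.+?)\s+:\s+(.*)$", line.strip())
        if m:
            fields[m.group(1)] = m.group(2).strip()
    return fields

def audit(fields, policy=POLICY):
    """Return findings; an empty list means configured as intended and up."""
    findings = []
    for key, want in policy.items():
        got = fields.get(key)
        if got is None or got.lower() != want.lower():
            findings.append(f"{key}: expected {want}, got {got}")
    if fields.get("Port Status", "").lower() == "secure-shutdown":
        src = fields.get("Last Source Address:Vlan", "unknown")
        findings.append(f"port shut down by violation, last source {src}")
    count = fields.get("Security Violation Count", "0")
    if count.isdigit() and int(count) > 0:
        findings.append(f"violation count is {count}")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_port_security(SAMPLE_OUTPUT)):
        print(finding)
```

A sticky count of 0 on a port that already has a device attached shows up as a policy mismatch, which catches a port where the address was learned dynamically instead of being locked in.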
To bring a shut-down port back online:
```
interface fastethernet0/1
 shutdown
 no shutdown
```
Folder/File | Description |
---|---|
packet_tracer_file/ | .pkt simulation file |
configs/ | CLI commands and port status |
README.md | This documentation |
- Switch port configuration
- MAC address control
- CLI security commands
- Troubleshooting secure shutdown ports