06-15-2024 12:55 AM - last edited on 06-15-2024 01:39 AM by shazubai
Give me a simple topology and a simple Layer 2 switch configuration to trigger this error message related to a port security violation in Cisco Packet Tracer.
06-15-2024 02:11 AM
Configure two ports with port security with the following:
1- Max MAC is one
2- Port security sticky
Then connect a PC to one port, then move it and connect it to the other port.
This will violate the security and generate the error.
MHM
06-15-2024 02:49 AM
Hello @Sr7nyx
To make it easy: in order to trigger a port security violation in Packet Tracer, set up a simple topology with two PCs connected to a switch. Assign IP addresses to the PCs and configure the switch by enabling port security on the port connected to the first PC (Fa0/1). Limit the port to learn only one MAC address and set the violation mode to `shutdown`. Connect PC1 to Fa0/1, allowing the switch to learn its MAC address. Then, disconnect PC1 and connect PC2 to the same port, which will trigger the violation as the switch detects a different MAC address on Fa0/1.
When PC2 connects to Fa0/1, the switch will recognize a port security violation because it is configured to only accept the MAC address of PC1. Consequently, the switch will place Fa0/1 into an `err-disabled` state, effectively shutting down the port to prevent unauthorized access. This action ensures network security by restricting port access based on predefined rules. You can verify the violation by using commands like `show port-security interface fa0/1` and `show interfaces status err-disabled`, which will display the port security status and identify the ports that have been disabled due to security violations.
---
Example:
**Configure interface Fa0/1**
Switch(config)# interface Fa0/1
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security maximum 1
Switch(config-if)# switchport port-security violation shutdown
Switch(config-if)# switchport port-security mac-address sticky
Switch(config-if)# exit
06-15-2024 12:58 AM
Check the example below to start with (maybe not all devices support that security feature; check the device support in PT to test it).
https://www.cisco.com/en/US/docs/general/Test/dwerblo/broken_guide/port_sec.html
https://www.youtube.com/watch?v=Rnq2LM7YY3Y
06-15-2024 06:34 AM
I did exactly as you told, but I'm still not getting the error. This is my switch configuration:
Switch>enable
Switch#
Switch#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface FastEthernet0/1
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#switchport port-security mac-address sticky
Switch(config-if)#end
Switch#
06-15-2024 06:43 AM
As I mentioned, you need two ports configured with port security.
Connect one PC to the first port, then reconnect it to the second port.
You are sure to get the log error.
MHM
06-15-2024 06:53 AM
Still ain't getting it. These are both of my port security configurations:
Switch#show port-security interface fa0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 0001.6457.EDD7:1
Security Violation Count : 0
Switch#show port-security interface fa0/2
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Shutdown
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 0
Last Source Address:Vlan : 00E0.8F57.A26B:1
Security Violation Count : 0
06-15-2024 06:56 AM
You used two different PCs to test.
Use the same PC (00E0.8F57.A26B:1) and connect it to port f0/1.
MHM
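The difference between the tests discussed in this thread, as an added example that is not part of any post: a simplified Python model of port security in violation mode `shutdown`. It assumes a single VLAN and only two violation conditions (a new MAC on a port that is already full, or a MAC already secured on another secure port); all class and function names are hypothetical.

```python
# Simplified model of switch port security, violation mode "shutdown".
# Added illustration only: not IOS or Packet Tracer code; one VLAN assumed.
from dataclasses import dataclass, field

@dataclass
class SecurePort:
    sticky: bool = True
    maximum: int = 1
    macs: set = field(default_factory=set)   # secure (learned) addresses
    status: str = "Secure-up"

class Switch:
    def __init__(self, **ports):
        self.ports = ports

    def unplug(self, name):
        if not self.ports[name].sticky:       # sticky addresses survive link-down
            self.ports[name].macs.clear()

    def frame(self, name, mac):
        port = self.ports[name]
        if port.status == "Secure-shutdown":
            return "dropped"                  # err-disabled port passes nothing
        if mac in port.macs:
            return "forward"
        elsewhere = any(mac in p.macs for p in self.ports.values() if p is not port)
        full = len(port.macs) >= port.maximum
        if elsewhere or full:                 # either condition is a violation
            port.status = "Secure-shutdown"
            return "violation"
        port.macs.add(mac)
        return "learned"

PC_A, PC_B = "0001.6457.EDD7", "00E0.8F57.A26B"   # MACs from the show output above

def different_pcs_on_two_ports():
    sw = Switch(fa0_1=SecurePort(), fa0_2=SecurePort())
    return [sw.frame("fa0_1", PC_A), sw.frame("fa0_2", PC_B)]

def same_pc_moved_to_second_port():
    sw = Switch(fa0_1=SecurePort(), fa0_2=SecurePort())
    sw.frame("fa0_1", PC_A)
    sw.unplug("fa0_1")
    return sw.frame("fa0_2", PC_A), sw.ports["fa0_2"].status

def second_pc_on_same_port():
    sw = Switch(fa0_1=SecurePort())
    sw.frame("fa0_1", PC_A)
    sw.unplug("fa0_1")
    return sw.frame("fa0_1", PC_B), sw.ports["fa0_1"].status
```

In this model, two different PCs on two ports are each simply learned, which matches the `Security Violation Count : 0` in the output above; a violation needs either a second MAC on the same port or the same MAC appearing on another secure port.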
06-15-2024 06:56 AM
I'm not getting the error message, but it disables the interface when I tried to ping each other, so technically it works, but the error message isn't there!! I need the error message to be in my report.
06-15-2024 07:04 AM
If this is Packet Tracer, use a new version (update it).
It can be a bug.
MHM