30.06.2015 Views

8.28 MB - Edge-Core


User Authentication

CLI – This example enables SSH, sets the authentication parameters, and displays the current configuration. It shows that the administrator has made a connection via SSH, and then disables this connection.

Console(config)#ip ssh server                           4-35
Console(config)#ip ssh timeout 100                      4-36
Console(config)#ip ssh authentication-retries 5         4-37
Console(config)#ip ssh server-key size 512              4-37
Console(config)#end
Console#show ip ssh                                     4-40
SSH Enabled - version 2.0
Negotiation timeout: 120 secs; Authentication retries: 5
Server key size: 512 bits
Console#show ssh                                        4-40
Connection Version State           Username Encryption
0          2.0     Session-Started admin    ctos aes128-cbc-hmac-md5
                                            stoc aes128-cbc-hmac-md5
Console#disconnect 0                                    4-18
Console#

Configuring Port Security<br />

Port security is a feature that allows you to configure a switch port with one or more device MAC addresses that are authorized to access the network through that port. When port security is enabled on a port, the switch stops learning new MAC addresses on the specified port when it has reached a configured maximum number. Only incoming traffic with source addresses already stored in the dynamic or static address table will be accepted as authorized to access the network through that port. If a device with an unauthorized MAC address attempts to use the switch port, the intrusion will be detected and the switch can automatically take action by disabling the port and sending a trap message.

To use port security, specify a maximum number of addresses to allow on the port and then let the switch dynamically learn the pair for frames received on the port. Note that you can also manually add secure addresses to the port using the Static Address Table (page 3-87). When the port has reached the maximum number of MAC addresses, the selected port will stop learning. The MAC addresses already in the address table will be retained and will not age out. Any other device that attempts to use the port will be prevented from accessing the switch.

Command Usage

• A secure port has the following restrictions:
  - It cannot use port monitoring.
  - It cannot be a multi-VLAN port.
  - It cannot be used as a member of a static or dynamic trunk.
  - It should not be connected to a network interconnection device.
• The default maximum number of MAC addresses allowed on a secure port is zero. You must configure a maximum address count from 1 - 1024 for the port to allow access.
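The learning and intrusion rules described in this section, written out as a small Python model. This is an added example, not code from the Edge-Core manual or firmware: the class SecurePort, its fields and the sample MAC addresses are hypothetical, and it assumes that only dynamically learned addresses count against the configured maximum.

```python
# Added illustrative model of the port-security rules in this section.
# Not Edge-Core firmware: SecurePort, its fields and SAMPLE are hypothetical.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    max_addresses: int = 0                      # manual: default maximum is zero
    static: set = field(default_factory=set)    # manually added secure addresses
    learned: set = field(default_factory=set)   # learned entries, never aged out
    enabled: bool = True
    traps: list = field(default_factory=list)   # trap messages that were sent

    def __post_init__(self):
        if not 0 <= self.max_addresses <= 1024:
            raise ValueError("maximum address count must be 0 or 1-1024")
        self.static = {m.lower().replace("-", ":") for m in self.static}

    def receive(self, src_mac: str) -> str:
        """Handle one ingress frame and return the decision taken."""
        mac = src_mac.lower().replace("-", ":")
        if not self.enabled:
            return "dropped: port disabled"
        if mac in self.static or mac in self.learned:
            return "forwarded"
        # Assumption: only dynamically learned entries count against the limit.
        if len(self.learned) < self.max_addresses:
            self.learned.add(mac)
            return "learned"
        # Limit reached, learning has stopped: unknown source is an intrusion.
        self.traps.append(f"intrusion: {mac}")
        self.enabled = False
        return "intrusion"


def replay(port: SecurePort, frames: list) -> list:
    """Feed source MACs to the port in order and collect each decision."""
    return [port.receive(mac) for mac in frames]


# Constructed sample traffic: two hosts, a repeat, an unknown host, a repeat.
SAMPLE = ["00:11:22:33:44:01", "00:11:22:33:44:02", "00:11:22:33:44:01",
          "00:11:22:33:44:99", "00:11:22:33:44:01"]

if __name__ == "__main__":
    for mac, decision in zip(SAMPLE, replay(SecurePort(max_addresses=2), SAMPLE)):
        print(mac, decision)
```

With the default maximum of zero the model admits no source at all, which is why a count between 1 and 1024 has to be set before the port passes traffic.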
