Switchport port-security mac-address stickyĪt this point the interfaces should be assigned to their corresponding vlan or shut down.Each interface can only have a single mac-address tied to it or a security violation will shut down the port. Select all access interfaces and assign uniform commands.Assign unused ports to Black_Hole vlan and shut them off.Take care of all the uniform commands that apply to all interfaces in that range then apply interface specific commands like switchport access vlan. My recommended strategy is to configure the trunk and access ports in separate ranges.
This helps create segmentation as well as access control when ACLs are applied. The vlan design is relatively simple with worker, technician, and separate vlans for various servers. Lets start out by assigning end hosts to the appropriate vlan and securing physical interfaces. These steps are covered in my tutorial called Project: Using Cisco Packet Tracer to learn networking.
This tutorial includes 2 downloadable pkt files which you can access here: Download files for Packet TracerĪll files used in this tutorial can be viewed and downloaded here. If some of these terms seem foreign, spend some time researching them and at least know their basic purpose in a network before proceeding.Īn extensive in-depth knowledge is not required to at least start configuring and see how these protocols work in action.
Think of Internal and DMZ together as being our private network.
0 kommentar(er)
