Lab 13:

Configuring advanced static switch Access port security

Lab Objective:

The objective of this lab exercise is for you to learn and understand how to configure static MAC entries for port security. By default, MAC entries are learned dynamically on a switch port.

Lab Purpose:

Static port security MAC entries are an advanced skill. Static MAC address entries are manually configured by the administrator. As a Cisco engineer, understanding advanced features will give you the edge over fellow CCNAs.

Certification Level:

This lab is suitable for CCNA certification exam preparation.

Lab Difficulty:

This lab has a difficulty rating of 8/10

Readiness Assessment:

When you are ready for your certification exam, you should complete this lab in no more than 15 minutes

Lab Topology:

Please use the following topology to complete this lab exercise:

Task 1:

Configure a hostname of Sw1 on your lab switch, and the hostname R1 on the router as illustrated in the topology. Create VLAN 10 on switch Sw1 and assign port FastEthernet0/2 to this VLAN as an access port.

Task 2:

Configure IP address 172.16.0.1/27 on router R1's FastEthernet0/0 interface, and IP address 172.16.0.2/27 in switch Sw2's VLAN 10 interface. Verify that R1 can ping Sw1 and vice versa.

Task 3:

Configure port security on port FastEthernet0/5 on switch Sw1 for the following static MAC addresses:

abcd.1111.ab01

abcd.2222.cd01

abcd.3333.ef01

abcd.4444.ac01

The switch should restrict access to these ports for MAC addresses that are not known. Verify your configuration with port security commands in Cisco IOS.

This lab is just one of over 100 labs designed to help you prepare for your Cisco CCNA and CCENT exams. You can view the labs for free at www.howtonetwork.net or buy your own copy of the lab book, solution guide and CDs from the howtonetwork.net shop. Platinum members of www.howtonetwork.net can access all the labs and videos online for free.