Thursday, April 14, 2011

How to Configure Cisco Port Security

Network switches are the core components of enterprise networks. Switches are feature rich and handle critical business functions, including routing and switching. Port security is a vital step in deploying switched networks.

This article will provide quick steps to secure a Cisco-based LAN.

  1. Protect unused switch ports. Use the "switchport mode access" command on unused ports, or shut them down with "shutdown", to prevent unsecured trunking. Negotiating a trunk on an unused port is a common way for an attacker to gain access to a switched network.
  2. Configure Root Guard. On the Core switch, use the command "spanning-tree guard root" on all trunked ports.
  3. Configure BPDU Guard. Use the command "spanning-tree portfast bpduguard default" from global configuration mode on all Access switches.
  4. Protect your DHCP services. Use the command "ip dhcp snooping" as a global configuration on all switches. Then, use the command "ip dhcp snooping trust" on each uplink port or access port that connects to your DHCP server.
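
The four steps above applied as Cisco IOS configuration, as an added example that is not part of the original post: the interface numbers, VLAN 10, and which port is the uplink or the DHCP server port are assumptions. It also goes one step beyond step 4 with "ip dhcp snooping vlan", because snooping stays inactive until it is enabled on at least one VLAN.

```cisco
! Added example, not from the original post. Interface numbers, VLAN 10
! and port roles are assumptions for illustration.
!
! ===== Access switch =====
! Step 1: unused ports forced to access mode and shut down (no trunk negotiation)
interface range GigabitEthernet1/0/20 - 24
 description UNUSED
 switchport mode access
 shutdown
!
! Step 3: BPDU Guard on every PortFast edge port by default
spanning-tree portfast bpduguard default
interface range GigabitEthernet1/0/1 - 19
 description USER-PORT
 switchport mode access
 switchport access vlan 10
 spanning-tree portfast
!
! Step 4: DHCP snooping globally, then per VLAN; only the uplink is trusted
ip dhcp snooping
ip dhcp snooping vlan 10
interface GigabitEthernet1/0/48
 description UPLINK-TO-CORE
 switchport mode trunk
 ip dhcp snooping trust
!
! ===== Core switch =====
! Step 2: Root Guard on the trunks facing the access layer
interface range GigabitEthernet1/1 - 2
 description TRUNK-TO-ACCESS
 switchport mode trunk
 spanning-tree guard root
!
! Step 4: snooping here too, trusting the port that faces the DHCP server
ip dhcp snooping
ip dhcp snooping vlan 10
interface GigabitEthernet1/10
 description DHCP-SERVER
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping trust
```

To confirm the result, "show ip dhcp snooping" lists the snooping VLANs and trusted interfaces, and "show spanning-tree summary" shows whether BPDU Guard and Root Guard are active.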