05.19.06
Cisco CCNA Certification: Port-Based Authentication
By Chris Bryant
To pass your CCNA exam and earn this coveted certification, you must understand the details of port-based authentication.
This knowledge has a great deal of value in production networks as well, since this authentication scheme is regularly implemented. Let's take a look at this particular CCNA skill.
Consider a situation where you have a server that will be connected to your switch, and you want the port to shut down if a device with a different MAC address than that of the server attempts to connect to that port. You could also have a situation where someone has a connection to a switch port in his office, and he wants to make sure that only his laptop can use that port.
Both of these examples are real-world situations, and there are two solutions for each. First, we could create a static MAC entry for that particular switch port. I don't recommend this, mainly because both you and I have better things to do than manage static MAC entries. The better solution is to configure port-based authentication on the switch.
The Cisco switch uses MAC addresses to enforce port security. With port security, only devices with certain MAC addresses can connect to the port successfully. This is another reason source MACs are looked at before the destination MAC is examined. If the source MAC is non-secure and port-based authentication is in effect, the destination does not matter, as the frame will not be forwarded. In essence, the source MAC address serves as the password.
MAC addresses that are allowed to successfully communicate with the switch port are secure MAC addresses. The default number of secure MAC addresses is 1, but a maximum of 132 secure MACs can be configured.
When a non-secure MAC address attempts to communicate with the switch port, one of three actions will occur, depending on the port security mode. In Protect mode, frames with non-secure MAC addresses are dropped. There is no notification that a violation has occurred. The port will continue to switch frames for the secure MAC address.
In Restrict mode, the same action is taken, but a syslog message is logged via SNMP, which is a messaging protocol used by Cisco routers.
In Shutdown mode, the interface goes into error-disabled state, the port LED will go out, and a syslog message is logged. The port has to be manually reopened. Shutdown mode is the default port-security mode.
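The three violation modes described above, written out as a Cisco IOS interface configuration. This is an added example, not part of the original article; the interface numbers are assumptions, and command availability varies by switch platform and IOS version.

```cisco
! Server port: one secure MAC, error-disable the port on a violation.
! "maximum 1" and "violation shutdown" are the defaults, shown here explicitly.
! Port security requires a static access port, not a dynamic one.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
! Office port: drop frames from non-secure MACs and log the violation.
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
!
! Protect mode: drop frames from non-secure MACs with no notification.
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
! Verification, run from privileged EXEC mode:
!   show port-security
!   show port-security interface FastEthernet0/1
!   show interfaces status err-disabled
!
! Manually reopening a port that Shutdown mode has error-disabled:
interface FastEthernet0/1
 shutdown
 no shutdown
```

Because Protect mode gives no notification, a port configured that way can drop traffic without leaving anything for an administrator to review, which is worth weighing when choosing between Protect and Restrict.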
Port-based authentication is just one of the many switching skills you'll have to demonstrate to earn your CCNA certification. Make sure you know the basics shown here, including the action of each particular mode, and you're on your way to CCNA exam success!
About the Author:
Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage.