    Configuring Advanced Static Switch Access Port Security on Cisco Catalyst Switches

    Objective

    The objective of this lab exercise is to learn and understand how to configure static MAC entries for port security. By default, MAC entries are learned dynamically on a switchport.

    Purpose

    Configuring static port security MAC entries is an advanced skill. Static MAC address entries are manually configured by the administrator. As a Cisco engineer, you will gain an edge over your fellow CCNAs by understanding advanced features.

    Lab Topology

    Use the following topology to complete this lab exercise:

    [Topology diagram: Router Setup 1]

    Task 1: Configure Hostnames and VLAN

    Objective: Configure hostnames on SW1 and R1 as illustrated in the topology. Create VLAN10 on switch SW1 and assign port FastEthernet0/2 to this VLAN as an access port.

    Configuration Steps:

    SW1#config t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#hostname SW1
    SW1(config)#
    
    R1#config t
    Enter configuration commands, one per line. End with CTRL/Z.
    R1(config)#hostname R1
    R1(config)#
    
    SW1#config t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#vlan 10
    SW1(config-vlan)#name VLAN10
    SW1(config-vlan)#exit
    SW1(config)#interface fastethernet0/2
    SW1(config-if)#switchport mode access
    SW1(config-if)#switchport access vlan 10
    SW1(config-if)#end

    Task 2: Configure IP Addresses

    Objective: Configure IP address 172.16.0.1/27 on R1’s FastEthernet0/0 interface and IP address 172.16.0.2/27 on SW1’s VLAN10 interface. Verify that R1 can ping SW1, and vice versa.

    Configuration Steps:

    R1#config t
    Enter configuration commands, one per line. End with CTRL/Z.
    R1(config)#interface fastethernet0/0
    R1(config-if)#ip address 172.16.0.1 255.255.255.224
    R1(config-if)#no shutdown
    R1(config-if)#end
    R1#copy running-config startup-config
    
    SW1#config t
    Enter configuration commands, one per line. End with CTRL/Z.
    SW1(config)#interface vlan10
    SW1(config-if)#ip address 172.16.0.2 255.255.255.224
    SW1(config-if)#no shutdown
    SW1(config-if)#end
    
    R1#ping 172.16.0.2
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.0.2, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
    
    SW1#ping 172.16.0.1
    Type escape sequence to abort.
    Sending 5, 100-byte ICMP Echos to 172.16.0.1, timeout is 2 seconds:
    !!!!!
    Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms

    Task 3: Configure Static Port Security MAC Entries

    Objective: Configure port security on port FastEthernet0/2 on SW1 for the following static MAC addresses:

    • 000a.1111.ab01
    • 000b.2222.cd01
    • 000c.3333.ef01
    • 000d.4444.ac01

    The switch should restrict access on this port for MAC addresses that are not known. Verify your configuration with the port-security show commands in Cisco IOS.

    Configuration:

    SW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    SW1(config)#interface fastethernet0/2
    SW1(config-if)#switchport port-security
    SW1(config-if)#switchport port-security maximum 4
    SW1(config-if)#switchport port-security mac-address 000a.1111.ab01
    SW1(config-if)#switchport port-security mac-address 000b.2222.cd01
    SW1(config-if)#switchport port-security mac-address 000c.3333.ef01
    SW1(config-if)#switchport port-security mac-address 000d.4444.ac01
    SW1(config-if)#end
    SW1#copy running-config startup-config
    Destination filename [startup-config]?
    Building configuration...
    [OK]
    SW1#show port-security
    Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
                   (Count)       (Count)        (Count)
    --------------------------------------------------------------------
            Fa0/2        4          4                 0         Shutdown
    ----------------------------------------------------------------------
    
    SW1#show port-security address
    %SYS-5-CONFIG_I: Configured from console by console
    
                   Secure Mac Address Table
    -----------------------------------------------------------------------------
    Vlan    Mac Address       Type                          Ports   Remaining Age
                                                                       (mins)
    ----    -----------       ----                          -----   -------------
      10    000A.1111.AB01    SecureConfigured              Fa0/2        -
      10    000B.2222.CD01    SecureConfigured              Fa0/2        -
      10    000C.3333.EF01    SecureConfigured              Fa0/2        -
      10    000D.4444.AC01    SecureConfigured              Fa0/2        -
    -----------------------------------------------------------------------------
    Total Addresses in System (excluding one mac per port)     : 3
    Max Addresses limit in System (excluding one mac per port) : 1024

    Note: The requirements of this task seem simple, but a common mistake is to forget that, by default, the maximum number of addresses that can be secured on a port is one. Since you were given four MAC addresses, you need to increase the port security limit to four. Without the switchport port-security maximum 4 command, you would receive the following error when trying to add the second static MAC address for port security. The example uses FastEthernet0/5, which was not set to access mode, so the switch also rejects the switchport port-security command itself because the port is dynamic:

    SW1#conf t
    Enter configuration commands, one per line.  End with CNTL/Z.
    SW1(config)#interface fastethernet0/5
    SW1(config-if)#switchport port-security
    Command rejected: FastEthernet0/5 is a dynamic port.
    SW1(config-if)#switchport port-security mac-address 000a.1111.ab01
    SW1(config-if)#switchport port-security mac-address 000b.2222.cd01
    Total secure mac-addresses on interface FastEthernet0/5 has reached maximum limit.
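
    Both failures in the output above (port security rejected on a dynamic port, and more static MAC entries than the default maximum of one) can be caught by reviewing a planned configuration before it is typed into the switch. The Python check below is an added example, not part of the original lab; the sample configuration, the function names, and the assumption that a port with no explicit switchport mode line is dynamic are constructed for illustration.

```python
import re

# Constructed candidate config: Fa0/2 as in Task 3, Fa0/5 as in the note's error case.
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security maximum 4
 switchport port-security mac-address 000a.1111.ab01
 switchport port-security mac-address 000b.2222.cd01
 switchport port-security mac-address 000c.3333.ef01
 switchport port-security mac-address 000d.4444.ac01
!
interface FastEthernet0/5
 switchport port-security
 switchport port-security mac-address 000a.1111.ab01
 switchport port-security mac-address 000b.2222.cd01
!
"""
MAC_RE = re.compile(r"^switchport port-security mac-address ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})$", re.I)
MAX_RE = re.compile(r"^switchport port-security maximum (\d+)$")
STATIC_MODES = {"switchport mode access", "switchport mode trunk"}

def parse_interfaces(config):
    """Split running-config style text into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1], [])
        elif line.startswith(" ") and current is not None:
            current.append(line.strip())
        else:  # "!" separators and blank lines close the stanza
            current = None
    return stanzas

def audit_port_security(config):
    """Return {interface: [findings]} for every port that uses port security."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if not any(l.startswith("switchport port-security") for l in lines):
            continue
        macs = [m.group(1).lower() for l in lines if (m := MAC_RE.match(l))]
        # With no "maximum" line the limit is the default of one secure address.
        maximum = next((int(m.group(1)) for l in lines if (m := MAX_RE.match(l))), 1)
        findings = []
        if not STATIC_MODES & set(lines):  # assumption: no mode line means dynamic
            findings.append("dynamic port: port security would be rejected")
        if len(macs) > maximum:
            findings.append(f"{len(macs)} static MACs exceed maximum {maximum}")
        report[name] = findings
    return report
```

    Calling audit_port_security(SAMPLE_CONFIG) returns an empty finding list for FastEthernet0/2 and both findings for FastEthernet0/5.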

    Cisco Packet Tracer file:
    Load and open the .pkt Lab file in Cisco Packet Tracer from here: Advanced_Static_Switch_Access_Port_Security.pkt

    © 2025 WinITExam.com