1
00:00:00,090 --> 00:00:04,990
SNMP security is another important point of network device security.

2
00:00:05,610 --> 00:00:11,820
First of all, you should check whether access to devices has been restricted by access control lists.

3
00:00:13,640 --> 00:00:19,700
As mentioned before, SNMP has three versions. In versions one and two,

4
00:00:21,310 --> 00:00:27,610
packets are transmitted as clear text, so the traffic between the client and the server is visible

5
00:00:27,640 --> 00:00:33,190
for third parties who listen to the network traffic and learn the SNMP community name.

6
00:00:34,780 --> 00:00:38,320
In addition, there's just no authorization mechanism.

7
00:00:40,340 --> 00:00:45,710
SNMP v3 was developed due to the weaknesses identified in the first two versions.

8
00:00:46,760 --> 00:00:53,600
It has encryption and authorization features, but it does not have a mechanism to secure the community

9
00:00:53,600 --> 00:00:53,900
name.

10
00:00:56,160 --> 00:01:01,170
Port security is a feature that can help secure access to the physical network.

11
00:01:02,370 --> 00:01:06,960
We've been using the Cisco switch and router throughout the course, so I'm going to explain the port

12
00:01:06,960 --> 00:01:08,760
security on Cisco devices.

13
00:01:10,500 --> 00:01:15,330
Cisco IOS is the operating system of Cisco routers and network switches.

14
00:01:17,060 --> 00:01:23,780
And it has the port security feature, which can be used to restrict the MAC address of the devices

15
00:01:23,780 --> 00:01:26,810
that connect to each of the physical switch ports.

16
00:01:28,620 --> 00:01:30,840
Cisco port security can help to:

17
00:01:32,030 --> 00:01:36,730
Restrict the MAC address or addresses that can connect through a switch port.

18
00:01:39,080 --> 00:01:43,100
Restrict the number of MAC addresses that can connect through a switch port.

19
00:01:44,530 --> 00:01:47,740
Set aging of the MAC addresses registered.

20
00:01:49,300 --> 00:01:53,770
It can also set the action to take when there is a violation detected.

21
00:01:56,080 --> 00:01:59,770
So there are three action modes in case of a violation.

22
00:02:01,780 --> 00:02:05,710
Protect drops packets with unknown source addresses

23
00:02:06,100 --> 00:02:11,350
until you remove a sufficient number of secure MAC addresses to drop below the maximum value.

24
00:02:12,670 --> 00:02:19,960
Restrict drops packets with unknown source addresses until you remove a sufficient number of secure

25
00:02:19,960 --> 00:02:26,620
MAC addresses to drop below the maximum value, and it causes a security violation counter to increment.

26
00:02:28,370 --> 00:02:36,560
Shutdown puts the interface into the error-disabled state immediately and sends an SNMP trap notification.

27
00:02:37,460 --> 00:02:39,410
This is a default action.

28
00:02:42,030 --> 00:02:46,500
So here I'll put up some port security usage examples.

29
00:02:47,960 --> 00:02:53,210
The first three lines are to be able to start using port security function to begin with.

30
00:02:53,750 --> 00:03:02,120
Enter the configure terminal and the interface you want to configure and then set the port mode as access.

31
00:03:03,380 --> 00:03:10,430
The default port mode is dynamic desirable, and you cannot configure a port in dynamic desirable.

32
00:03:12,470 --> 00:03:19,250
If you use port security without any parameter, it enables the port security on the switch port with

33
00:03:19,250 --> 00:03:21,650
the defaults, and the defaults are:

34
00:03:23,130 --> 00:03:24,810
One MAC address allowed.

35
00:03:26,500 --> 00:03:29,500
First connected MAC address is set statically.

36
00:03:30,410 --> 00:03:33,500
And disabled port, if there is a violation.

37
00:03:34,990 --> 00:03:41,590
So if you use the function with MAC address parameter, only the server with a specified MAC address is

38
00:03:41,590 --> 00:03:42,070
allowed.

39
00:03:43,150 --> 00:03:49,270
Max parameter is used to set the maximum number of MAC addresses allowed on the secure port.

40
00:03:50,320 --> 00:03:54,340
If you don't set the max value, the default number is 128.

41
00:03:55,030 --> 00:04:02,530
And you can identify how long the port security rules will be active using the aging time parameter.

42
00:04:03,710 --> 00:04:06,470
And the value, as always, is in minutes.