Port Security Lab Sim
Question
You are the network security administrator for Big Money Bank Co. You are informed that an attacker has performed a CAM table overflow attack by sending spoofed MAC addresses on one of the switch ports. The attacker has since been identified and escorted out of the campus. You now need to take action to configure the switch port to protect against this kind of attack in the future.
For purposes of this test, the attacker was connected via a hub to the Fa0/12 interface of the switch. The topology is provided for your use. The enable password of the switch is cisco. Your task is to configure the Fa0/12 interface on the switch to limit the maximum number of MAC addresses that are allowed to access the port to two and to shutdown the interface when there is a violation.

Answer and Explanation
The purpose of this sim is straightforward:
- Limit the maximum number of MAC addresses that are allowed to access the port to two.
- Shut down the interface when there is a violation.
Remember that all of the configuration is done on interface Fa0/12. Before making any changes, use the show running-config command to check the current state of interface Fa0/12:
Switch>enable
Password: cisco
Switch#show running-config

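The output shows that interface Fa0/12 has not been configured with anything yet. Enter interface configuration mode and set the port to access mode (port security cannot be enabled on a port left in dynamic mode):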
Switch#configure terminal
Switch(config)#interface fa0/12
Switch(config-if)#switchport mode access
First, enable the “port security” feature on this interface:
Switch(config-if)#switchport port-security
Set the maximum number of secure MAC addresses for this interface to 2:
Switch(config-if)#switchport port-security maximum 2
Shut down the interface when a security violation occurs:
Switch(config-if)#switchport port-security violation shutdown
Switch(config-if)#no shutdown
Switch(config-if)#end
Now verify the configuration with the show port-security interface fa0/12 command:
Switch#show port-security interface fa0/12

Notice that the parameters should be like this:
+ Port Security: Enabled
+ Violation Mode: Shutdown
+ Maximum MAC Address: 2
Save the configuration:
Switch#copy running-config startup-config
For reference, when a security violation occurs the port is placed in the error-disabled state. We can bring it out of this state by entering the “errdisable recovery cause psecure-violation” global configuration command, or we can re-enable it manually by entering the “shutdown” and then “no shutdown” commands in interface configuration mode.
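An added example, not part of the original article or the exam simulator: a small Python check that reads a saved running-config and reports whether an interface meets the two requirements of this lab. It applies the defaults discussed on this page (maximum 1, violation shutdown, both omitted from the running-config when unchanged) and catches the case where the maximum is set but the bare "switchport port-security" command was never entered. The function names and the sample configuration are constructed for illustration.

```python
import re

# Defaults once the feature is enabled, as stated on the page: 1 MAC, shutdown.
DEFAULTS = {"enabled": False, "maximum": 1, "violation": "shutdown"}

# Constructed sample running-config (not output from the exam simulator).
SAMPLE_CONFIG = """\
interface FastEthernet0/11
 switchport port-security maximum 2
!
interface FastEthernet0/12
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
!
interface FastEthernet0/13
 switchport port-security
 switchport port-security violation restrict
!
"""

def parse_port_security(config):
    """Map each interface to its effective port-security settings."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if m := re.match(r"interface\s+(\S+)$", raw):
            current = ports[m.group(1)] = dict(DEFAULTS)
        elif not raw.startswith(" "):
            current = None  # "!" or a global command ends the interface stanza
        elif current is not None:
            if line == "switchport port-security":
                current["enabled"] = True  # only the bare command turns it on
            elif m := re.match(r"switchport port-security (maximum|violation) (\w+)$", line):
                key, value = m.groups()
                current[key] = int(value) if key == "maximum" else value
    return ports

def audit(config, interface, want_max=2, want_violation="shutdown"):
    """Return the ways `interface` falls short of the lab's two requirements."""
    port = parse_port_security(config).get(interface)
    if port is None:
        return ["interface not found"]
    checks = [
        (port["enabled"], "port security not enabled"),
        (port["maximum"] == want_max, f"maximum is {port['maximum']}"),
        (port["violation"] == want_violation, f"violation mode is {port['violation']}"),
    ]
    return [msg for ok, msg in checks if not ok]
```

In the sample, FastEthernet0/12 passes even though no violation line appears in its stanza, because shutdown is the default; FastEthernet0/11 fails because the limit was set without enabling the feature.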
All I can say is very simple but I really mean it
THANK YOU
wow really easy sim in comparison to ccna sims…
is this come in ccna security, pls tell me . next month i am going to write this exam
Yes, this is the sim many candidates have seen in their exams.
Thank you.
Say me you has more example lab about CCNA SECURITY
Hi,
Is there anymore i can view besides this port Security one?
I plan on taking this exam next week.
The other ones i see there is no picture or info when i click.
Thanks
In the real exam you will see 3 sims. One of them is “Port Security” as shown above. We will try to update these 2 sims soon.
great job done securitytut..
looking forward to the other sims also..
regards
Romy
Just wondering, you don’t need to input “switchport port-security violation shutdown” right? This is the default setting when enabling port-security on an interface.
Yes, “shutdown” is the default setting so we don’t need to type that command but in the real exam we should type it.
Hi,
do we need to type
switchport portsecurity macaddress sticky
or is the port security sticky enabled by default
please anyone update the latest dumps? testinside V6.11 still valid?
Thanks
If you try to enter the command “switchport port-security macaddress sticky”, the program tells you that the command is not valid in the simulation, so it is not necessary to enter it; although it should be entered in real situations.
Regards
I have doubt in the following question
Select two protocols from the following to enable cisco sdm to pull ips alerts from a cisco isr router
tftp syslog
sdee sdee
ssh ftp
https tftp
ssh
https
The first column of options is from the p4s and second tis. The ans they have given is sdee and https. I think sdee and syslog. Any suggestion?
this is the configuration I used on the exam a few weeks ago, and was given a 75% on layer 2 security portion of exam. one of my colleagues had this exact same outcome, so I am not sure, but there may be an issue with the exam. We both did ‘copy running-config startup-config’ as well as the ‘show’ command.
any thoughts?
Hello,
Yesterday I gave exam and I cleared it with 977/1000. I had above simulator in exam. I did execute all the same instructed commands, still when I did “sh port-security int f0/12”
it showed
Port Security: disabled
Violation Mode: Shutdown
Maximum MAC Address: 2
I am pretty sure I had executed all commands and did “sh” and “no sh” on port 12 a couple of times. I did the same config over 2 – 3 times, still nothing happened.
I got 75% marks in the exam can anyone explain my mistake so that no 1 repeats them in future. Also i guess that there is some issue in exam
switchport port-security mac-address sticky
I guess we need to add this command .
I asked my friend who had appeared a month ago he said this command is missing
any ways . I passed . TY securitytut !!
@Yagnik
brother pls mail the latest dumps u read to my mail id sashidhar06@gmail.com
r the latest dumps still valid and are all questions coming from dumps pls share u r experience
thanking u
sashidhar
@sashidhar go through evry question of this website you surely will pass!! I will mail you some important links any ways
Hai friends
pls tell me the best book for ccna sec.anyone have the link pls post
Thanks in advance
It is very good sim i have passed ccna and i wont to have ccna security exam to.
Hi Shasidhar,
If you have cleared your exam, will u share the latest dumps.
my e-mail id is kevalthanki1987@gmail.com
Thanks in advance
Keval
http://www.examcollection.com/640-553.html
For this site you need to download virtual cert exam first. (any old version will do). Just download it after searching this
software with crack in google.
http://www.careercert.info/2009/08/ccna-security-study-material.html
all the books ,dumps , videos from this site
http://www.securitytut.com
this site you already know. It has all the rite answers becoz in some dumps pdf answer are marked wrong.
http://ccna-ccnp-ccsp-ccie-training-gurgaon.blogspot.com/search/label/CCNA%20Security%20640-553
ALL THE MATERIAL FOR CCNA SECURITY
IF ANYBODY HAS NEW DUMPS PLEASE GIVE LINK
Thank u
I got 1000 in exam yesterday.
I had above simulator in exam and the answer securitytut provided was right.
I have entered “switchport port-security mac-address sticky” in exam but the simulator said the command was not support.
This site is wonderful!!! I made it even within all odds and pressures. Looking forward to writing my CCSP exams soon. Thanks guys!
Yagnik … You do not need mac-address sticky…It says nothing about making the port specific to accepting only certain mac-address but only allowed to two…
@Securitytut: The default settings for port security when enabled are:
1. Accept a maximum of 1 mac address
2. Shutdown on violation
Is it necessary then that we should put the command –
switchport port-security violation shutdown
@ivartyn: In fact we don’t need to use that command because it is the default behavior of the router when the security policy is violated.
I’m need guideline about ccna security lab…..insoanki@gmail.com my mail address….plz help me
I also need a guideline about ccna security labsim, because I just wrote my ccna and I didn’t understand the labsim, I was really confused. Please help me. (dekuftelecom@yahoo.com)
I just cleared my ccna security yesterday…. got 1000… so yes .. all the answers here are correct and all the sims are absolutely correct….
i have the latest dumps aswell… if anyone of you need it … mail me at
naveedquadri@gmail.com
will be glad to help….
i am plannin to give my ccsp now… anyone who is also opting for same line… please get in touch …. i need the dumps for ccsp.
Best of luck everyone!
Did test yesterday, got 1000/1000. This is the only true “lab” in the sense of configuring something. Other “labs” are just answering questions after looking at different screens of SDM.
2 things:
I did issue the command “switchport port-security violation shutdown” just in case, although I knew it was the default.
I did “shutdown” followed by “no shutdown”. Twice!
Those two did not make any difference: in the running config, there was no line under f0/12 saying anything about violation (I guess it’s because this is the default). When issuing command “show port-security interface f0/12”, the port status was secure-down. I’m not sure if this is the right status (why not secure-up?) after shut+no shut, but being a perfect score, I guess it’s correct.
Do not forget to save your config (copy run start).
All material on this site is valid, as is http://www.examcollection.com/cisco/Cisco.TestInside.640-553.v2010-08-27.by.noname.137q.vce.file.html from examcollection. Please be advised that in this dump there are two WRONG D&D: 130 and 133. You can find the right answers in questions 56 and 89, respectively.
Good luck everyone and thanks securitytut.
Yagnik,
And I’m pretty sure you missed out, typing the command that actually enables port security:
#switchport port-security
Once this has been typed in, the port is enabled for PS and any other configuration follows (sticky/violation/static mac). It’s easy to combine and miss the above command since students think starting off with “switchport mode access” OR “switchport port-security maximum 2” is sufficient enough to get the job done.
Summary: DO NOT skip #switchport port-security before entering the violation/maximum arguments.
@ Every body…
Please help me. I got my ccna… please guide me how to get start…
@afridi,
You need to study. Grab Todd Lammle’s book and study the first few chapters for your basics.
Does anyone have the Testking 640-553 pf so I can get a copy. If so please send it to email address mylife69_2000@yahoo.com
Hi all, just pass my ccnas exam. This site still valid. Thanks securitytut.
@ Robert – Would you please send me the latest dumps by which you passed your exam?
I have my CCNA Security exam on 3rd June 2011.
If u have please mail me at: spyofhearts88@yahoo.com
Thanx
@ Robert – please send me a copy of the latest dumps @ skrocks22@gmail.com ,,
thanksssss
i do it all above steps but my result :
port security :enable
port status :secure-up (not down)
violation mode :shutdown
this was my problem
but after change the confige fa0/12
from no shutdown to shutdown
he give me same your result
Is this correct …؟؟؟
Thank you 9tut
WALEED WOULD YOU PLZ SEND ME DUMPS AND EXAMS YOU GET ABOUT CCNA SECURITY AT
AERAQUA14@YAHOO.FR THANK U
Hi All,
I have given exam and passed with 1000/1000. Studied as follows-
1. Simlets and lab – used securitytut (100 % valid)
2. Questions- Testinside Ver 6.12 (Q.137)
3. CISCO Official certification guide,CCNA Security Authorized Self-Study Guide
Passing score – 804/1000
Time- 120 mins (India)
How much does the exam cost in India?
Congratulations! Rohann
Please try to send me dumps on my email
eng_nizar0j@hotmail.com
thanks
hi today i atten the ccna sec 640-553 i passed score 955 same dumps noname 137 q still dumps valid
Yo guys i just passed my exam today with the total score of 988/1000
Thanx to u all
Many thanks…passed 2day with 977/1000
inmate is noname still current? and any update on CCNA security dump
Yarhim and MOH how many SDM are on the exam? there is only one on this site? what material did your study? thks
Can some one send a copy of testking pdf WRUSSELL06@YAHOO.COM Thanks
I understand all of the necessary configurations for this particular lab sim. However, why is the “no shutdown” command needed. Isn’t the fa0/12 interface already up and running?
Whenever you configure the interface it is always in the down (shut) position so you have to bring it up.
Use this link:
http://www.careercert.info/2009/08/ccna-security-study-material.html
pretty good info
Hi friends,
Anybody have CCNA Security Latest dumps. I have to attend the exam in another 3 days.
rathravin@gmail.com
regards
Ratheesh
Hi Ratheesh,
Can you please share your experience after exam as I’ve my exam on 19th August 2011? I want to know whether questions are still valid or not!
thanks,
Cisco
Could someone please send me latest dumps for ccna security.
praveenkale87@gmail.com
Thanks…
Please can anyone tell me where I can find video lectures for CCNP Security: 642-617, 642-627, 642-637, 642-647. I would really appreciate it.
juniorpsalm@yahoo.com
Pls assist me with the latest dump for 640-553. My email is mamakola@hotmail.com. Thanks.
Taking Security Exam tomorrow…. The onto CCNP IPS Exam.. please send any info for CCNP IPS exam my way please… thank you.. jarvizel1@gmail.com
HI Masterbone,
Could you please let us know your experience and is the site still valid ?
Wish you good luck !!!!!
Guys, anyone with latest CCNA SECURITY dumps
To “myself”: I want to say that the correct answer at q133 is “Access-list will prevent address spoofing from interface E0”. For a detailed explanation go to page 357 of Kevin Wallace’s book CCNA Security Official Exam Certification Guide, chapter 10, subtitle Preventing IP Spoofing with ACLs.
Passed today..dumps still valid….but I think there is a problem with this lab in the exam…I did all configuration and still scored 75%…Can we look at the config commands again…
Most of question were drag and drop…with multi choice answers…everything on this site is legit….Thank You securitytut..
link for the dumps
http://www.examcollection.com/cisc/Cisco.CertKey.640-553.v2011-08-15.by.Spike.165q.vce.file.html
I’m keep trying to configure the SDM on GNS3 for a week but I have the same result, when the sdm starts loading it shows “Please wait while sdm is loading the current configuration from your router. Discovering router hardware attributes.”
So now I’m looking for somebody who could help me to set up a virtual lab on mine or for remote login for some paypal donation.
Please contact me if you have some free time for some money, contact me on kelenyi@gmail.com
Thanks,
Attila
please any one can send me a valid ccna security dump. please
imisuru88@yahoo.com
PLEASE CAN SOMEONE TELL ME HOW TO OPEN THIS LAB ON PACKET TRACER TO PRACTICE THE COMMAND. THANK YOU VERY MUCH GUYS, WISH EVERYONE THE BEST WITH THEIR STUDIES.