
Cisco CCNA Certification Exam Tutorial: Port-Based Authentication
Mar 1, 2007. Chris Bryant, CCIE #12933

To pass your CCNA exam and earn this coveted certification, you must understand the details of port-based authentication. This knowledge has a great deal of value in production networks as well, since this authentication scheme is regularly implemented. Let's take a look at this particular CCNA skill.

Consider a situation where you have a server that will be connected to your switch, and you want the port to shut down if a device with a different MAC address than that of the switch attempts to connect to that port. You could also have a situation where you have someone who has a connection to a switch port in his office, and he wants to make sure that only his laptop can use that port.

Both of these examples are real-world situations, and there are two solutions for each. First, we could create a static MAC entry for that particular switch port. I don't recommend this, mainly because both you and I have better things to do than manage static MAC entries. The better solution is to configure port-based authentication on the switch.

The Cisco switch uses MAC addresses to enforce port security. With port security, only devices with certain MAC addresses can connect to the port successfully. This is another reason source MACs are looked at before the destination MAC is examined. If the source MAC is non-secure and port-based authentication is in effect, the destination does not matter, as the frame will not be forwarded. In essence, the source MAC address serves as the password.

MAC addresses that are allowed to successfully communicate with the switch port are secure MAC addresses. The default number of secure MAC addresses is 1, but a maximum of 132 secure MACs can be configured.

When a non-secure MAC address attempts to communicate with the switch port, one of three actions will occur, depending on the port security mode. In Protect mode, frames with non-secure MAC addresses are dropped. There is no notification that a violation has occurred. The port will continue to switch frames for the secure MAC address.

In Restrict mode, the same action is taken, but a syslog message is logged via SNMP, which is a messaging protocol used by Cisco routers.

In Shutdown mode, the interface goes into error-disabled state, the port LED will go out, and a syslog message is logged. The port has to be manually reopened. Shutdown mode is the default port-security mode.
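The three violation modes described above, as a small Python model (an added example, not code from the original article or from Cisco). The class and function names, the sample MAC addresses and the learn-until-the-limit behaviour are assumptions made for illustration.

```python
from dataclasses import dataclass, field

MODES = ("protect", "restrict", "shutdown")

@dataclass
class SecurePort:
    """Toy model of one switch port with port security enabled."""
    mode: str = "shutdown"      # default violation mode, per the article
    maximum: int = 1            # default number of secure MACs, per the article
    secure_macs: set = field(default_factory=set)
    err_disabled: bool = False
    log: list = field(default_factory=list)

    def __post_init__(self):
        if self.mode not in MODES:
            raise ValueError(f"unknown violation mode: {self.mode}")

    def receive(self, src_mac: str, dst_mac: str) -> bool:
        """Return True if the frame is forwarded, False if it is dropped."""
        src = src_mac.lower()
        if self.err_disabled:
            return False        # port is down, even secure MACs are cut off
        # The source MAC decides; dst_mac is never consulted.
        if src in self.secure_macs:
            return True
        if len(self.secure_macs) < self.maximum:
            self.secure_macs.add(src)   # assumption: learn until the limit
            return True
        # Violation: every mode drops the frame, they differ in side effects.
        if self.mode == "restrict":
            self.log.append(f"violation: non-secure MAC {src}")
        elif self.mode == "shutdown":
            self.err_disabled = True
            self.log.append(f"violation: non-secure MAC {src}, port error-disabled")
        return False            # protect: silent drop, nothing logged

    def reopen(self) -> None:
        """Manual recovery from the error-disabled state."""
        self.err_disabled = False

# Constructed sample traffic: laptop, then an unknown device, then laptop again.
LAPTOP, ROGUE, SERVER = "00:11:22:33:44:55", "02:00:00:00:00:99", "00:aa:bb:cc:dd:ee"
FRAMES = [(LAPTOP, SERVER), (ROGUE, SERVER), (LAPTOP, SERVER)]

def replay(mode: str):
    """Feed FRAMES to a fresh port; return (forwarding decisions, port)."""
    port = SecurePort(mode=mode)
    return [port.receive(src, dst) for src, dst in FRAMES], port
```

Only Shutdown mode turns a single violation into an outage for the legitimate device, which is the operational trade-off to weigh against the silent drops of Protect mode.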

Port-based authentication is just one of the many switching skills you'll have to demonstrate to earn your CCNA certification. Make sure you know the basics shown here, including the action of each particular mode, and you're on your way to CCNA exam success!

Chris Bryant, CCIE #12933, is the owner of The Bryant Advantage, home of free CCNA and CCNP tutorials, The Ultimate CCNA Study Package, and Ultimate CCNP Study Packages. You can also join his RSS feed and visit his blog, which is updated several times daily with new Cisco certification articles, free tutorials, and daily CCNA / CCNP exam questions! Details are on the website. For a FREE copy of his latest e-books, "How To Pass The CCNA" and "How To Pass The CCNP", visit the website and download your free copies. You can also get FREE CCNA and CCNP exam questions every day! Get your CCNA study guide from The Bryant Advantage!

