Catalyst Ethernet Switch Setup II 6 Points

Configure the following security features on the Catalyst 3550:

■ Ensure that all of your interfaces are secure and that, if a secure breach occurs, the network administrator should take the strictest action possible.

■ Set the Ethernet ports 0/1-8 to forward data immediately after a device is plugged in or activated.

■ Set all interfaces such that unnecessary broadcast traffic will be suppressed once the switch has anything over 50 percent of total traffic.

Catalyst Ethernet Switch Setup II Solution

The Catalyst 3550 switch has a feature known as port security. If a MAC address is changed, for instance, the interface can be set to take action such as shutting down the interface. Example 8-25

displays the command to enable port security.

Example 8-25 Enabling Port Security

Switch(config)#interface fastethernet0/1 switch(config-if)# switchport port-security

The following is the IOS command to take immediate action once a breach occurs:

Router(config-if)# switchport port-security violation {protect | restrict | shutdown}

Example 8-26 configures the Catalyst 3550 switch for port security on all enabled interfaces and sets the action as shutdown if a violation does occur. Notice the use of the range command to simplify the confirmation tasks.

Example 8-26 Switch Port Security switch#config terminal switch(config)#interface range FastEthernet0/1 - 12

switch(config-if-range)# switchport port-security switch(config-if-range)# switchport port-security violation shutdown

Finally, the last task required is to suppress broadcast traffic once traffic exceeds 50 percent. Once again we will use the range command to set the interfaces to stop sending broadcast traffic once a limit of 50 percent (broadcast traffic, that is) has been reached.

Example 8-27 configures the Catalyst 3550 for broadcast traffic to 50 percent.

Example 8-27 Broadcast Suppression at 50 Percent switch#config terminal switch(config)#interface range FastEthernet0/1 - 12 switch(config-if-range)# storm-control broadcast level 50.00

