MAC-BASED PORT SECURITY ON EXTREME SWITCH



Type-1) Mac-based port security using local database

## mac based port security using local database ###

##create mac based netlogin for single port ##
create vlan Netlogin-test
configure netlogin vlan Netlogin-test
configure netlogin mac authentication database-order local
configure netlogin add mac-list 00:2a:00:00:ab
create netlogin local-user 002A0000AB 002A0000AB
enable netlogin mac
enable netlogin ports 40 mac

Note:- you need to create the database manually.

##create mac based netlogin for 10 ports ##
create vlan Netlogin-test
configure netlogin vlan Netlogin-test
configure netlogin mac authentication database-order local
## you can specify specific ports for this mac address ##
configure netlogin add mac-list 00:2a:00:00:ab
create netlogin local-user 002A0000AB 002A0000AB
enable netlogin mac
enable netlogin ports 30-40 mac

Note:- the PC with the above MAC address can be connected to any of the 10 ports on the switch. Similarly, you can have multiple PCs on multiple ports.


### Removing netlogin ##################
delete netlogin local-user 002A0000AB
configure netlogin delete mac-list 00:2a:00:00:ab
disable netlogin ports 40 mac
disable netlogin mac
unconfigure netlogin vlan
delete vlan Netlogin-test
#########################################


### to check MAC ADDRESS IN ROUTER ####
show fdb ports all
show fdb ports 40
############################################



Type-2) Mac-based port security using Radius Server

#############################################################
## RADIUS server configuration for port blocking (MAC-based) ##
Requirement: a RADIUS server. The RADIUS client software is loaded in EXOS by default.
#####
### RADIUS server config on CentOS 6 ###

#yum install freeradius freeradius-mysql freeradius-utils mysql-server
#service mysqld start
#/usr/bin/mysql_secure_installation
-- configure MySQL to your requirements --
#mysql -u root -p
mysql> CREATE DATABASE radius;
mysql> GRANT ALL PRIVILEGES ON radius.* TO radius@localhost IDENTIFIED BY "radpass";
mysql> FLUSH PRIVILEGES;
mysql> USE radius;
mysql> SOURCE /etc/raddb/sql/mysql/schema.sql
mysql> exit

#vi /etc/raddb/sql.conf
-- enter the details of the MySQL database you just created, for example: --

# Connection info:
server = "localhost"
#port = 3306
login = "radius"
password = "radpass"

# Database table configuration for everything except Oracle
radius_db = "radius"

#vi /etc/raddb/radiusd.conf
--- ensure that the following line is uncommented ---

$INCLUDE sql.conf

Edit /etc/raddb/sites-available/default and uncomment the line containing 'sql' in the authorize {} section
and 'sql' in the accounting {} section; also uncomment 'sql' under session {}.

Additionally, edit /etc/raddb/sites-available/inner-tunnel and
uncomment the line containing 'sql' under authorize {} and under session {}.

#vi /etc/raddb/clients.conf

secret = trace1234

#service radiusd restart
#vi /etc/raddb/clients.conf
--- enter the client IP in this file ---

Note:- whenever you make changes to the clients file, restart the RADIUS server

#service radiusd restart
#mysql -u root -p
mysql> USE radius;
mysql> INSERT INTO `radcheck` (`id`, `username`, `attribute`, `op`, `value`) VALUES (1,'test','User-Password',':=','test');

--- to remove the entry ---
mysql> DELETE FROM radcheck WHERE id=1;
mysql> exit

-- check radius is working fine --
#radtest test test 127.0.0.1 0 trace1234

#chkconfig radiusd on
#chkconfig mysqld on

#### router config #####


create vlan portsecurity
configure netlogin vlan "portsecurity"
configure netlogin mac authentication database-order radius
configure radius netlogin primary shared-secret trace1234
## VR-Default is the virtual router; to check it, use "sh vlan" ##
configure radius netlogin primary server 10.15.0.148 client-ip 10.1.0.205 vr "VR-Default"
configure netlogin add mac-list 00:2a:00:00:ab
enable radius netlogin
enable netlogin mac
enable netlogin ports 40 mac


Note:- you need to create the mac-list manually and store the username and password in the RADIUS server.
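
The Type-1 entries use the MAC address in uppercase without separators as both user name and password, which is easy to mistype when several addresses are added by hand. The script below is an added example, not part of the original post: it normalizes MAC addresses, rejects any that are not six octets, and emits the per-address Type-1 lines plus, on the assumption that the RADIUS entries in Type-2 follow the same convention, the matching radcheck INSERT statements. The function names and the sample list are made up for illustration.

```python
import re

HEX12 = re.compile(r"[0-9A-F]{12}")

def normalize_mac(raw):
    """Return the MAC as 12 uppercase hex digits (netlogin user-name form)."""
    digits = re.sub(r"[:\-.\s]", "", raw).upper()
    if not HEX12.fullmatch(digits):
        raise ValueError(f"not a six-octet MAC address: {raw!r}")
    return digits

def colon_form(mac12):
    """002A000000AB -> 00:2A:00:00:00:AB, the form used for the mac-list."""
    return ":".join(mac12[i:i + 2] for i in range(0, 12, 2))

def split_valid(macs):
    """Separate usable addresses from malformed ones before touching the switch."""
    good, bad = [], []
    for raw in macs:
        try:
            good.append(normalize_mac(raw))
        except ValueError:
            bad.append(raw)
    return good, bad

def local_db_commands(macs, ports):
    """Per-address EXOS lines for Type-1, followed by the port enable."""
    lines = []
    for user in map(normalize_mac, macs):
        lines.append(f"configure netlogin add mac-list {colon_form(user)}")
        lines.append(f"create netlogin local-user {user} {user}")
    lines.append(f"enable netlogin ports {ports} mac")
    return lines

def radcheck_rows(macs):
    """radcheck INSERTs for Type-2; assumes user name = password = MAC."""
    sql = ("INSERT INTO radcheck (username, attribute, op, value) "
           "VALUES ('{0}', 'User-Password', ':=', '{0}');")
    # normalize_mac() leaves only hex digits, so nothing can break out of the quotes
    return [sql.format(normalize_mac(raw)) for raw in macs]

# Sample input assembled for this example; the last entry has only five octets.
SAMPLE = ["00:2a:00:00:00:ab", "EC-A8-6B-F5-13-A9", "002a.0000.00cd", "00:2a:00:00:ab"]

if __name__ == "__main__":
    good, bad = split_valid(SAMPLE)
    print("\n".join(local_db_commands(good, "40")))
    print("\n".join(radcheck_rows(good)))
    print("rejected:", bad)
```
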


#####################################################################

#### Remove netlogin radius config on router ######

configure netlogin delete mac-list EC:A8:6B:F5:13:A9
disable netlogin ports 40 mac
disable netlogin mac
unconfigure radius netlogin server primary
unconfigure netlogin vlan
#####################################################



Type-3) Mac-based port security using MAC-LOCKDOWN

### MAC-LOCKDOWN ##########

--- connect the PC to port 40 so that the switch learns its MAC ---
show fdb ports 40
--- once it shows the MAC, run the command below to lock the MAC to that port ---
configure ports 40 vlan "Default" lock-learning

--- if you want more PCs to be connected to the same port after locking, add them manually to the FDB ---
create fdbentry 00:00:00:00:00:00 "Default" ports 40

--- To remove fdb entry ---
delete fdbentry 00:00:00:00:00:00 "Default"

--- to unlock --
configure ports 40 vlan "Default" unlock-learning
##############################################
