SlideShare uma empresa Scribd logo

Cisco Switch How To - Secure a Switch Port

IPMAX s.r.l.
IPMAX s.r.l.

In this lesson we will show how to prevent that unknown or unauthorized devices can obtain access to the network.

Tecnologia
1 de 8
Baixar para ler offline
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT Secure a Switch Port CISCO Switch
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT Next, you must identify a set of allowed MAC addresses so that the port can grant them access. You can explicitly configure addresses or they can be learned dynamically from port traffic. On each interface that uses port security, specify the maximum number of MAC addresses that will be allowed access using the following interface configuration command: Switch(config-if)#switchport port-security maximum max-addr 01 In some environments, a network must be secured by controlling what stations can gain access to the network itself. Where user workstations are stationary, their MAC addresses always can be expected to connect to the same access-layer switch ports. If stations are mobile, their MAC addresses can be learned dynamically or added to a list of addresses to expect on a switch port. Catalyst switches offer the port security feature to control port access based on MAC addresses. To configure port security on an access-layer switch port, begin by enabling it with the following interface-configuration command: Switch(config-if)#switchport port-security Secure a Switch Port CISCO Switch 1. Port security By default, only one MAC address will be allowed access on each switch port. You can set the maximum number of addresses in the range of 1 to 1,024.
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT You also can statically define one or more MAC addresses on an interface. Any of these addresses are allowed to access the network through the port. Use the following interface configuration command to define a static address: Switch(config-if)#switchport port-security mac-address mac-addr 02 Each interface using port security dynamically learns MAC addresses by default and expects those addresses to appear on that interface in the future. These are called sticky MAC addresses. MAC addresses are learned as hosts transmit frames on an interface. The interface learns up to the maximum number of addresses allowed. Learned addresses also can be aged out of the table if those hosts are silent for a period of time. By default, no aging occurs. For example, to set the maximum number of MAC addresses that can be active on a switch port at any time to two, you could use the following command: Switch(config-if)#switchport port-security maximum 2 Secure a Switch Port CISCO Switch 2. Set maximum mac address
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT Finally, you must define how each interface using port security should react if a MAC address is in violation by using the following interface-configuration command: Switch(config-if)# switchport port-security violation {shutdown | restrict |protect} 03 The MAC address is given in dotted-triplet format. If the number of static addresses configured is less than the maximum number of addresses secured on a port, the remaining addresses are learned dynamically. Be sure to set the maximum number appropriately. You can use the following command to configure a static address entry on an interface: Switch(config-if)#switchport port-security mac-address 0006.5b02.a841 Secure a Switch Port CISCO Switch 3. Set reaction to violation A violation occurs if more than the maximum number of MAC addresses are learned or if an unknown (not statically defined) MAC address attempts to transmit on the port. The switch port takes one of the following configured actions when a violation is detected: • Shutdown - The port immediately is put into the errdisable state, which effectively shuts it down. It must be re-enabled manually or through errdisable recovery to be used again. • Restrict - The port is allowed to stay up, but all packets from violating MAC addresses are dropped. The switch keeps a running count of the number of violating packets and can send an SNMP trap and a syslog message as an alert of the violation. • Protect - The port is allowed to stay up, as in the restrict mode. Although packets from violating addresses are dropped, no record of the violation is kept.
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT When the default maximum of one MAC address is exceeded on this interface, the condition is logged but the interface stays up. This is shown by the following syslog message: Jun 3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/11 04 As an example of the restrict mode, a switch interface has received the following configuration commands: interface GigabitEthernet0/11 switchport access vlan 991 switchport mode access switchport port-security switchport port-security violation restrict spanning-tree portfast Secure a Switch Port CISCO Switch 3. Set reaction to violation In the shutdown mode, the port security action is much more drastic. When the maximum number of MAC add resses is exceeded, the following syslog messages indicate that the port has been shut down in the errdisable state: Jun 3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/11, putting Gi0/11 in err-disable state Jun 3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/11. Jun 3 17:14:20.022 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gigabit Ethernet0/ 11, changed state to down Jun 3 17:14:21.023 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to down
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT 05 The command show port-security interface , shows port status as you can see in the following exemple Switch#show port-security interface gigabitethernet 0/11 Port Security : Enabled Port Status : Secure-shutdown Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0003.a089.efc5 Security Violation Count : 1 Secure a Switch Port CISCO Switch 4. Port Status To see a quick summary of only ports in the errdisable state, along with the reason for errdisable, you can use the show interfaces status err-disabled command, as demonstrated in Example Switch#show interfaces status err-disabled Port Name Status Reason Gi0/11 Test port err-disabled psecure-violation
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT 06 Finally, you can display a summary of the port-security status with the show port-security command, as demonstrated in next Example Switch#show port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Gi0/11 5 1 0 Restrict Gi0/12 1 0 0 Shutdown --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 6176 Secure a Switch Port CISCO Switch 4. Port Status
To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT More Needs? Services and Solutions Products Remote IpService Security Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171 info_ipmax@ipmax.it About us IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation

Recomendados

How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
Huawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatch
Huawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatchHuawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatch
Huawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatchIPMAX s.r.l.
 
Huawei ARG3 Router How To - Troubleshooting OSPF: Router ID Confusion
Huawei ARG3 Router How To - Troubleshooting OSPF: Router ID ConfusionHuawei ARG3 Router How To - Troubleshooting OSPF: Router ID Confusion
Huawei ARG3 Router How To - Troubleshooting OSPF: Router ID ConfusionIPMAX s.r.l.
 
Cisco 2960 basic configuration – vlan configuration
Cisco 2960 basic configuration – vlan configurationCisco 2960 basic configuration – vlan configuration
Cisco 2960 basic configuration – vlan configuration3Anetwork com
 
Cap2 configuring switch
Cap2 configuring switchCap2 configuring switch
Cap2 configuring switchHector Camba Lainez
 
Port Security
Port SecurityPort Security
Port SecurityNetProtocol Xpert
 
How to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchHow to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchIT Tech
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Securitydkaya
 

Recomendados

How to configure port security in cisco switch
How to configure port security in cisco switchHow to configure port security in cisco switch
How to configure port security in cisco switchIT Tech
 
Huawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatch
Huawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatchHuawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatch
Huawei ARG3 Router How To - Troubleshooting OSPF: Netmask mismatchIPMAX s.r.l.
 
Huawei ARG3 Router How To - Troubleshooting OSPF: Router ID Confusion
Huawei ARG3 Router How To - Troubleshooting OSPF: Router ID ConfusionHuawei ARG3 Router How To - Troubleshooting OSPF: Router ID Confusion
Huawei ARG3 Router How To - Troubleshooting OSPF: Router ID ConfusionIPMAX s.r.l.
 
Cisco 2960 basic configuration – vlan configuration
Cisco 2960 basic configuration – vlan configurationCisco 2960 basic configuration – vlan configuration
Cisco 2960 basic configuration – vlan configuration3Anetwork com
 
Cap2 configuring switch
Cap2 configuring switchCap2 configuring switch
Cap2 configuring switchHector Camba Lainez
 
Port Security
Port SecurityPort Security
Port SecurityNetProtocol Xpert
 
How to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchHow to create and delete vlan on cisco catalyst switch
How to create and delete vlan on cisco catalyst switchIT Tech
 
Cisco Switch Security
Cisco Switch SecurityCisco Switch Security
Cisco Switch Securitydkaya
 
Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port SecurityHamed Moghaddam
 
Configuring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup programConfiguring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup program3Anetwork com
 
Cisco CCNA-Router on Stick
Cisco CCNA-Router on StickCisco CCNA-Router on Stick
Cisco CCNA-Router on StickHamed Moghaddam
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHarris Andrea
 
ccna-discowey-final-100
ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100junkut3
 
Packet Tracer Tutorial # 2
Packet Tracer Tutorial # 2Packet Tracer Tutorial # 2
Packet Tracer Tutorial # 2Abdul Basit
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessHarris Andrea
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 MinutesCCNAResources
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet3Anetwork com
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallHarris Andrea
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?Huanetwork
 
Switching and Port Security
Switching and Port Security Switching and Port Security
Switching and Port Securityusman19
 
CCNA- Router on stick, VLAN and Trunking
CCNA- Router on stick, VLAN and TrunkingCCNA- Router on stick, VLAN and Trunking
CCNA- Router on stick, VLAN and TrunkingRafat Khandaker
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsEng. Emad Al-Atoum
 
Configuring dynamic switchport security
Configuring dynamic switchport securityConfiguring dynamic switchport security
Configuring dynamic switchport securityIT Tech
 
How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616Huanetwork
 
Example for configuring local attack defense
Example for configuring local attack defenseExample for configuring local attack defense
Example for configuring local attack defenseHuanetwork
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracerAnabia Anabia
 
lab1
lab1lab1
lab1guest575c3e
 
SRWE_Module_11.pptx
SRWE_Module_11.pptxSRWE_Module_11.pptx
SRWE_Module_11.pptxJosimar Caitano
 
Security Concerns in LANs.pptx
Security Concerns in LANs.pptxSecurity Concerns in LANs.pptx
Security Concerns in LANs.pptxjoko
 

Mais conteúdo relacionado

Mais procurados

Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port SecurityHamed Moghaddam
 
Configuring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup programConfiguring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup program3Anetwork com
 
Cisco CCNA-Router on Stick
Cisco CCNA-Router on StickCisco CCNA-Router on Stick
Cisco CCNA-Router on StickHamed Moghaddam
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHarris Andrea
 
ccna-discowey-final-100
ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100junkut3
 
Packet Tracer Tutorial # 2
Packet Tracer Tutorial # 2Packet Tracer Tutorial # 2
Packet Tracer Tutorial # 2Abdul Basit
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessHarris Andrea
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructorSalem Trabelsi
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 MinutesCCNAResources
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet3Anetwork com
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallHarris Andrea
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?Huanetwork
 
Switching and Port Security
Switching and Port Security Switching and Port Security
Switching and Port Securityusman19
 
CCNA- Router on stick, VLAN and Trunking
CCNA- Router on stick, VLAN and TrunkingCCNA- Router on stick, VLAN and Trunking
CCNA- Router on stick, VLAN and TrunkingRafat Khandaker
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsEng. Emad Al-Atoum
 
Configuring dynamic switchport security
Configuring dynamic switchport securityConfiguring dynamic switchport security
Configuring dynamic switchport securityIT Tech
 
How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616Huanetwork
 
Example for configuring local attack defense
Example for configuring local attack defenseExample for configuring local attack defense
Example for configuring local attack defenseHuanetwork
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracerAnabia Anabia
 

Mais procurados (20)

Cisco CCNA Port Security
Cisco CCNA Port SecurityCisco CCNA Port Security
Cisco CCNA Port Security
 
Configuring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup programConfiguring the cisco switch with the cli based setup program
Configuring the cisco switch with the cli based setup program
 
Cisco CCNA-Router on Stick
Cisco CCNA-Router on StickCisco CCNA-Router on Stick
Cisco CCNA-Router on Stick
 
How to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco SwitchesHow to Configure Private VLANs on Cisco Switches
How to Configure Private VLANs on Cisco Switches
 
ccna-discowey-final-100
ccna-discowey-final-100 ccna-discowey-final-100
ccna-discowey-final-100
 
Packet Tracer Tutorial # 2
Packet Tracer Tutorial # 2Packet Tracer Tutorial # 2
Packet Tracer Tutorial # 2
 
Basic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet AccessBasic Cisco 800 Router Configuration for Internet Access
Basic Cisco 800 Router Configuration for Internet Access
 
6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor6.5.1.2 packet tracer layer 2 security instructor
6.5.1.2 packet tracer layer 2 security instructor
 
Ccna Commands In 10 Minutes
Ccna Commands In 10 MinutesCcna Commands In 10 Minutes
Ccna Commands In 10 Minutes
 
Cisco switch commands cheat sheet
Cisco switch commands cheat sheetCisco switch commands cheat sheet
Cisco switch commands cheat sheet
 
Configuring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA FirewallConfiguring GRE Tunnel Through a Cisco ASA Firewall
Configuring GRE Tunnel Through a Cisco ASA Firewall
 
How to Configure QinQ?
How to Configure QinQ?How to Configure QinQ?
How to Configure QinQ?
 
Switching and Port Security
Switching and Port Security Switching and Port Security
Switching and Port Security
 
CCNA- Router on stick, VLAN and Trunking
CCNA- Router on stick, VLAN and TrunkingCCNA- Router on stick, VLAN and Trunking
CCNA- Router on stick, VLAN and Trunking
 
CCNA - Routing & Switching Commands
CCNA - Routing & Switching CommandsCCNA - Routing & Switching Commands
CCNA - Routing & Switching Commands
 
Configuring dynamic switchport security
Configuring dynamic switchport securityConfiguring dynamic switchport security
Configuring dynamic switchport security
 
How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616How to configure inband management for huawei ma5616
How to configure inband management for huawei ma5616
 
Example for configuring local attack defense
Example for configuring local attack defenseExample for configuring local attack defense
Example for configuring local attack defense
 
Router configuration in packet tracer
Router configuration in packet tracerRouter configuration in packet tracer
Router configuration in packet tracer
 
lab1
lab1lab1
lab1
 

Semelhante a Cisco Switch How To - Secure a Switch Port

Security Concerns in LANs.pptx
Security Concerns in LANs.pptxSecurity Concerns in LANs.pptx
Security Concerns in LANs.pptxjoko
 
Switchport port security explained with examples
Switchport port security explained with examplesSwitchport port security explained with examples
Switchport port security explained with examplesteameassefa
 
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...INFitunes
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptxSulSya
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacksdkaya
 
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationLAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationAbdelkhalik Mosa
 
Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011Dân Chơi
 
Chapter 14 - Sw Conf
Chapter 14 - Sw ConfChapter 14 - Sw Conf
Chapter 14 - Sw Confphanleson
 
Webinar NETGEAR Prosafe Switch, la sicurezza della LAN
Webinar NETGEAR Prosafe Switch, la sicurezza della LANWebinar NETGEAR Prosafe Switch, la sicurezza della LAN
Webinar NETGEAR Prosafe Switch, la sicurezza della LANNetgear Italia
 
2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - ig2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - igAlex Ramirez
 
CCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkCCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkAhmed Habib
 
CCNA Lab 2-Configuring a Switch Part II
CCNA Lab 2-Configuring a Switch Part IICCNA Lab 2-Configuring a Switch Part II
CCNA Lab 2-Configuring a Switch Part IIAmir Jafari
 

Semelhante a Cisco Switch How To - Secure a Switch Port (20)

SRWE_Module_11.pptx
SRWE_Module_11.pptxSRWE_Module_11.pptx
SRWE_Module_11.pptx
 
Security Concerns in LANs.pptx
Security Concerns in LANs.pptxSecurity Concerns in LANs.pptx
Security Concerns in LANs.pptx
 
Switchport port security explained with examples
Switchport port security explained with examplesSwitchport port security explained with examples
Switchport port security explained with examples
 
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
How to Configure Port-Security on Cisco Switch for Enhanced Network Security ...
 
Switch security
Switch securitySwitch security
Switch security
 
Ch6
Ch6Ch6
Ch6
 
Network Security- port security.pptx
Network Security- port security.pptxNetwork Security- port security.pptx
Network Security- port security.pptx
 
Mitigating Layer2 Attacks
Mitigating Layer2 AttacksMitigating Layer2 Attacks
Mitigating Layer2 Attacks
 
VLAN
VLANVLAN
VLAN
 
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and ConfigurationLAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
LAN Switching and Wireless: Ch2 - Basic Switch Concepts and Configuration
 
Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011Ccna 3 chapter 2 v4.0 answers 2011
Ccna 3 chapter 2 v4.0 answers 2011
 
Chapter 14 - Sw Conf
Chapter 14 - Sw ConfChapter 14 - Sw Conf
Chapter 14 - Sw Conf
 
Webinar NETGEAR Prosafe Switch, la sicurezza della LAN
Webinar NETGEAR Prosafe Switch, la sicurezza della LANWebinar NETGEAR Prosafe Switch, la sicurezza della LAN
Webinar NETGEAR Prosafe Switch, la sicurezza della LAN
 
Vlan
VlanVlan
Vlan
 
2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - ig2.2.4.9 packet tracer configuring switch port security instructions - ig
2.2.4.9 packet tracer configuring switch port security instructions - ig
 
Bluetooth
Bluetooth Bluetooth
Bluetooth
 
1-300-206 (SENSS)=Firewall (642-618)
1-300-206 (SENSS)=Firewall (642-618) 1-300-206 (SENSS)=Firewall (642-618)
1-300-206 (SENSS)=Firewall (642-618)
 
CCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area networkCCNA Security 07-Securing the local area network
CCNA Security 07-Securing the local area network
 
Wp ci securing_layer2
Wp ci securing_layer2Wp ci securing_layer2
Wp ci securing_layer2
 
CCNA Lab 2-Configuring a Switch Part II
CCNA Lab 2-Configuring a Switch Part IICCNA Lab 2-Configuring a Switch Part II
CCNA Lab 2-Configuring a Switch Part II
 

Mais de IPMAX s.r.l.

Huawei Switch S5700 How To - Configuring single-tag vlan mapping
Huawei Switch S5700 How To - Configuring single-tag vlan mappingHuawei Switch S5700 How To - Configuring single-tag vlan mapping
Huawei Switch S5700 How To - Configuring single-tag vlan mappingIPMAX s.r.l.
 
Huawei SAN Storage How To - Configuring the i-SCSI Communication Protocol
Huawei SAN Storage How To - Configuring the i-SCSI Communication ProtocolHuawei SAN Storage How To - Configuring the i-SCSI Communication Protocol
Huawei SAN Storage How To - Configuring the i-SCSI Communication ProtocolIPMAX s.r.l.
 
Huawei SAN Storage How To - ISM management application setup
Huawei SAN Storage How To - ISM management application setupHuawei SAN Storage How To - ISM management application setup
Huawei SAN Storage How To - ISM management application setupIPMAX s.r.l.
 
Huawei SAN Storage How To - Assigning Management IP Address
Huawei SAN Storage How To - Assigning Management IP AddressHuawei SAN Storage How To - Assigning Management IP Address
Huawei SAN Storage How To - Assigning Management IP AddressIPMAX s.r.l.
 
Huawei Switch How To - Configuring a basic DHCP server
Huawei Switch How To - Configuring a basic DHCP serverHuawei Switch How To - Configuring a basic DHCP server
Huawei Switch How To - Configuring a basic DHCP serverIPMAX s.r.l.
 
Fortigate Firewall How to - DLP
Fortigate Firewall How to - DLPFortigate Firewall How to - DLP
Fortigate Firewall How to - DLPIPMAX s.r.l.
 
HUAWEI Switch HOW-TO - Configuring link aggregation in static LACP mode
HUAWEI Switch HOW-TO - Configuring link aggregation in static LACP modeHUAWEI Switch HOW-TO - Configuring link aggregation in static LACP mode
HUAWEI Switch HOW-TO - Configuring link aggregation in static LACP modeIPMAX s.r.l.
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringIPMAX s.r.l.
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZIPMAX s.r.l.
 

Mais de IPMAX s.r.l. (9)

Huawei Switch S5700 How To - Configuring single-tag vlan mapping
Huawei Switch S5700 How To - Configuring single-tag vlan mappingHuawei Switch S5700 How To - Configuring single-tag vlan mapping
Huawei Switch S5700 How To - Configuring single-tag vlan mapping
 
Huawei SAN Storage How To - Configuring the i-SCSI Communication Protocol
Huawei SAN Storage How To - Configuring the i-SCSI Communication ProtocolHuawei SAN Storage How To - Configuring the i-SCSI Communication Protocol
Huawei SAN Storage How To - Configuring the i-SCSI Communication Protocol
 
Huawei SAN Storage How To - ISM management application setup
Huawei SAN Storage How To - ISM management application setupHuawei SAN Storage How To - ISM management application setup
Huawei SAN Storage How To - ISM management application setup
 
Huawei SAN Storage How To - Assigning Management IP Address
Huawei SAN Storage How To - Assigning Management IP AddressHuawei SAN Storage How To - Assigning Management IP Address
Huawei SAN Storage How To - Assigning Management IP Address
 
Huawei Switch How To - Configuring a basic DHCP server
Huawei Switch How To - Configuring a basic DHCP serverHuawei Switch How To - Configuring a basic DHCP server
Huawei Switch How To - Configuring a basic DHCP server
 
Fortigate Firewall How to - DLP
Fortigate Firewall How to - DLPFortigate Firewall How to - DLP
Fortigate Firewall How to - DLP
 
HUAWEI Switch HOW-TO - Configuring link aggregation in static LACP mode
HUAWEI Switch HOW-TO - Configuring link aggregation in static LACP modeHUAWEI Switch HOW-TO - Configuring link aggregation in static LACP mode
HUAWEI Switch HOW-TO - Configuring link aggregation in static LACP mode
 
FortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB FilteringFortiGate Firewall How-To: WEB Filtering
FortiGate Firewall How-To: WEB Filtering
 
FortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZFortiGate Firewall HOW-TO - DMZ
FortiGate Firewall HOW-TO - DMZ
 

Último

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfsudhanshuwaghmare1
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)wesley chun
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonAnna Loughnan Colquhoun
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘RTylerCroy
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdflior mazor
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MIND CTI
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...apidays
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProduct Anonymous
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUK Journal
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businesspanagenda
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 

Último (20)

presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Boost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdfBoost Fertility New Invention Ups Success Rates.pdf
Boost Fertility New Invention Ups Success Rates.pdf
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMECloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)Powerful Google developer tools for immediate impact! (2023-24 C)
Powerful Google developer tools for immediate impact! (2023-24 C)
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 
Data Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt RobisonData Cloud, More than a CDP by Matt Robison
Data Cloud, More than a CDP by Matt Robison
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
Bajaj Allianz Life Insurance Company - Insurer Innovation Award 2024
 
🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘🐬 The future of MySQL is Postgres 🐘
🐬 The future of MySQL is Postgres 🐘
 
GenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdfGenAI Risks & Security Meetup 01052024.pdf
GenAI Risks & Security Meetup 01052024.pdf
 
MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024MINDCTI Revenue Release Quarter One 2024
MINDCTI Revenue Release Quarter One 2024
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
Apidays New York 2024 - The Good, the Bad and the Governed by David O'Neill, ...
 
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemkeProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
ProductAnonymous-April2024-WinProductDiscovery-MelissaKlemke
 
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdfUnderstanding Discord NSFW Servers A Guide for Responsible Users.pdf
Understanding Discord NSFW Servers A Guide for Responsible Users.pdf
 
Why Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire businessWhy Teams call analytics are critical to your entire business
Why Teams call analytics are critical to your entire business
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 

Cisco Switch How To - Secure a Switch Port

  • 1. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT Secure a Switch Port CISCO Switch
  • 2. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT Next, you must identify a set of allowed MAC addresses so that the port can grant them access. You can explicitly configure addresses or they can be learned dynamically from port traffic. On each interface that uses port security, specify the maximum number of MAC addresses that will be allowed access using the following interface configuration command: Switch(config-if)#switchport port-security maximum max-addr 01 In some environments, a network must be secured by controlling what stations can gain access to the network itself. Where user workstations are stationary, their MAC addresses always can be expected to connect to the same access-layer switch ports. If stations are mobile, their MAC addresses can be learned dynamically or added to a list of addresses to expect on a switch port. Catalyst switches offer the port security feature to control port access based on MAC addresses. To configure port security on an access-layer switch port, begin by enabling it with the following interface-configuration command: Switch(config-if)#switchport port-security Secure a Switch Port CISCO Switch 1. Port security By default, only one MAC address will be allowed access on each switch port. You can set the maximum number of addresses in the range of 1 to 1,024.
  • 3. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT You also can statically define one or more MAC addresses on an interface. Any of these addresses are allowed to access the network through the port. Use the following interface configuration command to define a static address: Switch(config-if)#switchport port-security mac-address mac-addr 02 Each interface using port security dynamically learns MAC addresses by default and expects those addresses to appear on that interface in the future. These are called sticky MAC addresses. MAC addresses are learned as hosts transmit frames on an interface. The interface learns up to the maximum number of addresses allowed. Learned addresses also can be aged out of the table if those hosts are silent for a period of time. By default, no aging occurs. For example, to set the maximum number of MAC addresses that can be active on a switch port at any time to two, you could use the following command: Switch(config-if)#switchport port-security maximum 2 Secure a Switch Port CISCO Switch 2. Set maximum mac address
  • 4. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT Finally, you must define how each interface using port security should react if a MAC address is in violation by using the following interface-configuration command: Switch(config-if)# switchport port-security violation {shutdown | restrict |protect} 03 The MAC address is given in dotted-triplet format. If the number of static addresses configured is less than the maximum number of addresses secured on a port, the remaining addresses are learned dynamically. Be sure to set the maximum number appropriately. You can use the following command to configure a static address entry on an interface: Switch(config-if)#switchport port-security mac-address 0006.5b02.a841 Secure a Switch Port CISCO Switch 3. Set reaction to violation A violation occurs if more than the maximum number of MAC addresses are learned or if an unknown (not statically defined) MAC address attempts to transmit on the port. The switch port takes one of the following configured actions when a violation is detected: • Shutdown - The port immediately is put into the errdisable state, which effectively shuts it down. It must be re-enabled manually or through errdisable recovery to be used again. • Restrict - The port is allowed to stay up, but all packets from violating MAC addresses are dropped. The switch keeps a running count of the number of violating packets and can send an SNMP trap and a syslog message as an alert of the violation. • Protect - The port is allowed to stay up, as in the restrict mode. Although packets from violating addresses are dropped, no record of the violation is kept.
  • 5. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT When the default maximum of one MAC address is exceeded on this interface, the condition is logged but the interface stays up. This is shown by the following syslog message: Jun 3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/11 04 As an example of the restrict mode, a switch interface has received the following configuration commands: interface GigabitEthernet0/11 switchport access vlan 991 switchport mode access switchport port-security switchport port-security violation restrict spanning-tree portfast Secure a Switch Port CISCO Switch 3. Set reaction to violation In the shutdown mode, the port security action is much more drastic. When the maximum number of MAC add resses is exceeded, the following syslog messages indicate that the port has been shut down in the errdisable state: Jun 3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on Gi0/11, putting Gi0/11 in err-disable state Jun 3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/11. Jun 3 17:14:20.022 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gigabit Ethernet0/ 11, changed state to down Jun 3 17:14:21.023 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed state to down
  • 6. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT 05 The command show port-security interface , shows port status as you can see in the following exemple Switch#show port-security interface gigabitethernet 0/11 Port Security : Enabled Port Status : Secure-shutdown Violation Mode : Shutdown Aging Time : 0 mins Aging Type : Absolute SecureStatic Address Aging : Disabled Maximum MAC Addresses : 1 Total MAC Addresses : 0 Configured MAC Addresses : 0 Sticky MAC Addresses : 0 Last Source Address : 0003.a089.efc5 Security Violation Count : 1 Secure a Switch Port CISCO Switch 4. Port Status To see a quick summary of only ports in the errdisable state, along with the reason for errdisable, you can use the show interfaces status err-disabled command, as demonstrated in Example Switch#show interfaces status err-disabled Port Name Status Reason Gi0/11 Test port err-disabled psecure-violation
  • 7. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT 06 Finally, you can display a summary of the port-security status with the show port-security command, as demonstrated in next Example Switch#show port-security Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action (Count) (Count) (Count) --------------------------------------------------------------------------- Gi0/11 5 1 0 Restrict Gi0/12 1 0 0 Shutdown --------------------------------------------------------------------------- Total Addresses in System (excluding one mac per port) : 0 Max Addresses limit in System (excluding one mac per port) : 6176 Secure a Switch Port CISCO Switch 4. Port Status
  • 8. To learn more about this tutorial contact us info_ipmax@ipmax.it or visit our site www.ipmax.it/support WWW.IPMAX.IT More Needs? Services and Solutions Products Remote IpService Security Via Ponchielli, 4 20063 Cernusco sul Naviglio (MI) – Italy +39 02 9290 9171 info_ipmax@ipmax.it About us IPMAX is the ideal partner for companies seeking quality in products and services. IPMAX guarantees method and professionalism to support its customers in selecting technologies with the best quality / price ratio, in the design, installation, commissioning and operation