Since this is a small lab but requires so much understanding and different use cases, I made a topology with a switch and three PCs in GNS3 and clearly understood the points and commands you described in the lecture video by doing different kinds of configurations.
Thanks
Happy Birthday, Jeremy! Love your videos! I will likely get Boson to help me prepare for the exam & will be sure to use your link when I do. :)
Thanks Molito! How did you know it's my birthday? ;)
@@JeremysITLab In your NTP lab while doing the Boson lab, the instructions ask to set the time to July 25th and you mentioned in passing that it was your Birthday! :)
thank you Jeremy for your efforts
I can't explain how much I appreciate your efforts
I am not able to get the violation count to increment in Packet Tracer using port-security restrict. I've got all the same settings and outputs as shown at 7:09 yet my vio count is still 0.
you’re doing God's work sir thank you
2:40 you said the interface must be manually configured as either an access port or a trunk.
Well when i tried to configure the interfaces between the switches and router to trunk, port-security became disabled. I tried to enable it while in trunk, and the switch let me do the command. However if i tried "show port-security interface" it stated as disabled.
Thank you Jeremy and all the people who help you :)
Thanks for this amazing course
Impeccable explanation as usual. Thanks Jeremy!
Lab Time ! Thank you Jeremy !
Thank you so much, Jeremy. I am excited about the next.
Jeremy thank you so much for all the effort u put in these videos you are a great teacher but may i ask when will this course end *estimated time for sure* ?
It'll finish this year!
Thank you Jeremy for all your efforts, you're a really great teacher
one question regarding the lab, to try to cause a violation in SW1 after pinging from all 3 PCs i disconnected one PC and replaced it with another and when i pinged from the new PC it didn't work (as it shouldn't) but the interface didn't go to err-disabled state, idk maybe PKT problem
Was the violation mode 'shutdown'?
@@JeremysITLab Yes i checked it using "show port-security interface"
@@JeremysITLab I have the same problem. It seems that every time, you delete the connection of PC1 (or PC2/PC3) and re-plug a new PC with a new MAC address, the switch automatically changes the mac address in the mac address-table to the new PC's MAC address. Probably a PKT issue? When I just change the MAC address of the connected PC1 it works just fine as in your lab video.
@@manuelringwald No it's not a pkt issue. As a matter of fact it's not an issue at all since it's working as intended. If you don't configure the secure mac-address as static or sticky, after removing the link that switch interface will be down and the mac-address will be removed from the mac table. So, when you connect the new client, the switch will learn the new dynamic address and the connection would work without any port-security violations.
@@huseyinyavuz2765 Seems more or less correct, I configured 'switchport port-security maximum 5' on SW2's G0/1 interface to allow an extra mac address to be sticky, and now I can ping from a new PC4 connected to SW1's F0/3. However, it's very confusing because the requirement says "for example by connecting another PC", and because adding that port-security seems useless if we can still connect a new device with a different mac address 😢
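The behaviour described in the replies above (dynamically learned secure MACs are dropped when the link goes down, sticky and static ones are kept), as an added Python model that is not part of the original comments and is not Cisco code. The class, method names and MAC addresses are constructed for illustration, and the model covers a single port only.

```python
# Added model (not Cisco code): simplified port-security state for one switch port.
from dataclasses import dataclass, field


@dataclass
class SecurePort:
    maximum: int = 1
    violation: str = "shutdown"   # "shutdown" | "restrict" | "protect"
    sticky: bool = False
    link_up: bool = True
    err_disabled: bool = False
    violations: int = 0
    secure: dict = field(default_factory=dict)  # MAC -> "dynamic" | "sticky" | "static"

    def link_down(self):
        # Dynamic secure MACs are tied to the link; sticky/static entries survive.
        self.link_up = False
        self.secure = {m: t for m, t in self.secure.items() if t != "dynamic"}

    def link_up_again(self):
        # An err-disabled port stays down until it is recovered by an admin.
        if not self.err_disabled:
            self.link_up = True

    def frame(self, src_mac):
        """Return True if a frame with this source MAC is forwarded."""
        if self.err_disabled or not self.link_up:
            return False
        if src_mac in self.secure:
            return True
        if len(self.secure) < self.maximum:
            self.secure[src_mac] = "sticky" if self.sticky else "dynamic"
            return True
        # Violation: unknown source MAC while the secure table is full.
        if self.violation != "protect":
            self.violations += 1
        if self.violation == "shutdown":
            self.err_disabled, self.link_up = True, False
        return False


def swap_pc(port, old_mac, new_mac):
    """Constructed scenario: one PC sends traffic, is unplugged, another is plugged in."""
    port.frame(old_mac)
    port.link_down()
    port.link_up_again()
    forwarded = port.frame(new_mac)
    return forwarded, port.err_disabled, port.violations


if __name__ == "__main__":
    a, b = "aaaa.aaaa.0001", "bbbb.bbbb.0002"   # constructed MAC addresses
    print("dynamic:", swap_pc(SecurePort(), a, b))
    print("sticky: ", swap_pc(SecurePort(sticky=True), a, b))
```

Changing the PC's MAC address without unplugging it corresponds to calling `frame()` twice with different addresses and no `link_down()` in between, which is why that variant triggers the violation even without sticky learning.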
Hey, I really like your content. I'm looking forward to watching your Wireless and Automation chapters. Do you have any idea when they will be uploaded?
Wow I actually completed this lab all on my own. Not the most complicated lab but nonetheless, still a nice achievement lol. Thanks Jeremy!
thanks a lot for your great efforts building such course
more blessing to you Jeremy
tbh, I didn't know that SVIs have MAC addresses assigned to them. What's the point? How can they be unique? Don't they have to be unique?
I had a lot of weird issues with this lab that I can't explain. I initially tried to get SW2 to restrict by adding another PC on SW1 F0/1. The PC was able to ping but SW2 never learned the mac address or restricted the port of the new PC. I also tried to get SW1 to trip by changing the last two digits of the mac address on PC1 to 22 but it also wasn't added to the mac address table.
I ran into a bug where you were able to issue many port-security subcommands on the interface without configuring the port as an access or trunk port first. These commands weren't rejected, but they also wouldn't appear in the running-config. It stayed like this even after I configured each interface as an access port and then applied the switchport port-security command. These commands showed in the running-config, but all other port-security configurations were not showing even though they weren't being rejected. (switchport port-security violation shutdown, etc.) I also attempted to configure static secure mac addresses with the switchport port-security mac-address x.x.x command for each interface and it rejected the command indicating a duplicate address. I did some research and was only able to resolve this issue by defaulting each interface (default interface interface-id) and then rendering a (copy running-config startup-config) then issuing a reload of the device. Then, I was able to configure port-security properly from scratch without encountering this bug. I believe this bug is caused by pushing port-security subcommands before actually configuring the interface with switchport mode (access/trunk) and then switchport port-security first.
Thank you for your great video. I have a few questions here.
1. In my lab, SW2 learned MAC address from SW1 too fast, so SW1's MAC address became DynamicConfigured type in "Secure MAC address table" before I configured the sticky address, but in "normal MAC address table" SW1's MAC changed from Dynamic to Static after I just issued "switchport port-security". Then after I configured the sticky address and did the ping, the MAC address from PC1, 2 and 3 were sticky but SW1's still DynamicConfigured not sticky. Is that a bug?
2. From the question 1, I found out that when the MAC address becomes DynamicConfigured, it can't be changed no matter what. I tried all the option of "clear port-security ..." or "no switchport port-security" then configured again on SW2, the MAC address was still DynamicConfigured. Is this also packet tracer bug?
3. Unless I figure sticky, when we unplug the cable and plug into the new pc, that new pc can access the SW? If so, that's not good if I forget to figure sticky :v
I'm having this same problem. My version of Packet Tracer does not work the same way Jeremy's does in this video or in the lecture.
hello Jeremy
I am really thankful for these wonderful videos. But I got a question. Does the switch have its own MAC address? And how would it use it although there will be a MAC address for every port?
How come I don’t have this lab in my Boson?? Besides, many of the commands you’re explaining like MAC aging are unavailable in Boson too! But thanks for the awesome tutorials!
Edit: I just updated my Boson and the lab showed up 😊 thanks man!
seems packet tracer is a bit buggy, tried to do number 2 using a different PC/laptop and i couldn't trigger the shutdown violation. but if i changed the mac address of the original host PC or the new PC/laptop, then it triggers. weird stuff...
I am facing the same problem. And I have been trying to figure out the reason for hours. Are u sure it's a bug?
Here I'm thanking you for all your time, God bless you sir
Hey Jeremy, thank you for sharing your knowledge.
are you able to make a video about VoIP?
VoIP isn't on the CCNA, so I don't plan to make any videos about it.
does unplugging cable in real network also remove the mac address from the table? so changing the pcs that connected to non sticky interface would still grant you access to pcs connected to SW1 but cant go further to SW2?
Yeah unplugging the cable will cause the interface to go down, which will remove MAC addresses learned on that interface from the MAC address table.
@@JeremysITLab thanks
You may have mentioned this but for my clarification how does SW2 learn the MAC address of SW1 G0/1 interface? Is it CDP? Thanks
What was the STP thing you were concerned about @14:38?
Probably bcs STP would cause some delay before the interface begins forwarding.
it's a very good lab, very helpful.
changing the mac address of pc1 causes to lose the connection to sw1????
Thank you, very detailed explanation
So I added a new PC and connected it to f0/1 after configuring port-security and it doesn't show a violation on SW1. If I change the MAC address manually, it does. Why is that?
packet tracer being buggy as usual
Thanks Jeremy
Thanks Jeremy!
I forgot that port security is per interface. I was a bit confused when SW1 was forwarding all 3 pings :D . Then I realized my mistake. Also, I tried attaching a new PC to SW1, and SW2 [f0/1, g0/1 interfaces respectively] but it didn't work. I tried SVI, and changing MAC it worked (oh probably I forgot to configure the new PCs before sending pings, how silly of me - let me check it now).. :D
am i misunderstanding something? i connect the switchport to a new PC which has a different MAC and it still can work? Why does port-security not interfere?
The MAC address table is cleared when an interface goes down. Try enabling sticky learning
Hi Jeremy, could you tell us how much of the course is remaining?
You can check the course progress here: jeremysitlab.com/ccna-course-progress
@@JeremysITLab Hi Jeremy, thank you so much for this progress bar. I'm terribly sorry to ask (cos you do so much for us already) - but can you indicate on which video day/s you cover the topics highlighted in green and yellow as per the sheet. if you add another column indicating so, that would be great! thank you for the work you put in!
Thank you!
Thank you
Hi Jeremy, may i know which is the part for AAA authentication method?
first A
for some reason the file in the lab download site has a .apkg extension, which packet tracer wasn't able to open correctly. just a heads up!
That’s a flashcard file! There’s a packet tracer lab, too
@@JeremysITLab Whoops! Not my smoothest move. Thanks for the reply and the patience!
I'm getting an error that this lab is not compatible with this version of packet tracer. Which version do you use?
Download the latest version from Cisco! It will be able to open all of my labs.
Thanks J
Thank you master,i can hard learn start the beggin
...What?
Should we learn mpls for ccna exam sir?
You just need to know what it is, but you don't need to learn how it actually works.
tysm
😀
thank you.
thank you