CCNA Port Security 1: Enable & Verify on Access Ports
Hands-on fundamentals with Cisco port security on host-facing access ports. Build a small two-switch campus with a trunk, place two Linux hosts in the same user VLAN, then enable port security with the explicit defaults (maximum 1, violation shutdown) on both host ports. Verify secure-up state and baseline host connectivity.
CCNA Port Security: Maximum Secure MACs on Access Ports
Deploy and verify port security maximum settings on host-facing access ports in a pure Layer-2 campus with two access switches uplinked to a distribution switch. You will raise the allowed secure MAC count to 2 on each user port to support a PC and a potential downstream device (e.g., a dock), then verify with show commands. No Layer-3, SVIs, or routing are used; focus purely on access VLANs, trunks, and the port-security maximum behavior.
CCNA Capstone: Port Security Troubleshooting
Advanced CCNA port-security troubleshooting on a pure Layer-2 design. Two access switches linked by an 802.1Q trunk carry a Users VLAN across closets. Three Alpine Linux hosts are pre-addressed. The lab is intentionally shipped with multiple classic faults: one access port is err-disabled due to a prior port-security shutdown, one user-facing port lacks port-security altogether, another has the wrong violation mode and an overly restrictive maximum, and one port has an incorrect static secure-MAC configured. Your job is to diagnose using show commands, restore connectivity, and implement the intended security posture with sticky MACs, the correct maximum, the proper violation mode, and errdisable auto-recovery—without placing port-security on the trunk.
CCNA Port Security: Violation Protect vs Restrict
Deploy and compare the two non-disabling port-security violation modes on host-facing access ports. Build a small Layer-2 topology with a trunk between two switches and same-VLAN hosts. Configure violation protect on one access port and restrict on another using deterministic sticky MAC entries. Validate baseline reachability, then observe the different behaviors: protect silently drops with no counter/logs; restrict drops and increments the violation counter.
Port Security: Err-Disable Auto Recovery
Configure port security in shutdown mode on host-facing access ports and enable automatic errdisable recovery for psecure-violation. The lab uses two Layer-2 switches connected by a trunk and three Linux hosts in the same VLAN to validate baseline L2 connectivity. You will deploy and verify the global errdisable recovery timer and cause while keeping the trunk healthy. Focus is on deterministic configuration and verification via show commands rather than attempting to trigger live violations.
Port Security: Voice + Data on One Access Port
Harden a real desk port that carries both data (PC) and voice (IP phone) using switchport voice vlan and access vlan on a single access port. Apply port security with a maximum that accounts for two MAC addresses (phone + PC) so a third device is restricted. A deliberate trunk allow-list drift on the inter-switch link initially blocks the Voice VLAN; learners must repair the trunk and then verify port-security state on the desk port.
CCNA Port Security 2: Sticky Secure MAC Learning
Two access-layer switches have a VLAN 20 connectivity problem: users in one wiring closet cannot reach users in the other. Diagnose and repair the issue, then deploy sticky secure MAC learning on the host-facing access ports so each port dynamically learns and persists its connected host's MAC. Verify sticky entries in show commands and confirm same-VLAN host connectivity end-to-end.
CCNA Port-Sec 7: Static Secure MAC Binding
Troubleshoot a Layer-2 forwarding fault that breaks a user VLAN between access/distribution switches, then implement static secure MAC binding on the client-facing access port. You will restore end-to-end VLAN 20 reachability and enforce a single authorized MAC on the user port using port-security with violation restrict.
CCNA Port-Sec 9: Multi-Port Sticky Restrict Policy
Advanced CCNA switchport port-security rollout on multiple access ports across two Layer-2 switches with a trunk. You will standardize a consistent edge policy (sticky MAC learning, maximum 1, violation restrict) on all host-facing access ports while leaving the uplink trunk exempt from port-security. Includes a realistic drift on the trunk allow-list and VLAN database to fix before validating end-to-end user VLAN transport. Pure Layer-2: no SVIs or routing.
CCNA Port Security 5: Violation Shutdown & Manual Recovery
Hands-on CCNA L2 switching lab: build a small campus with a distribution switch and two access switches carrying a shared user VLAN over 802.1Q trunks. Harden access ports with sticky port-security in violation shutdown mode. Intentionally seed and diagnose broken trunks/host VLANs, restore end-to-end host reachability, then trigger a port-security violation to observe err-disabled behavior and perform manual recovery.
CCNA Foundations: L2 Day 7 — VLANs, Trunks & Port Security
Deploy VLANs, hardened 802.1Q trunks, router-on-a-stick inter-VLAN routing, and sticky port security in a compact branch topology. Verify from real hosts and troubleshoot common misconfigurations.
Archive preview only
CCNA Foundations Series: Layer 2 Day 6
Deploy and troubleshoot VLANs, 802.1Q trunks, and port security in a realistic small-branch ROAS design. You will stand up VLANs 10/20/99 with a hardened trunk native VLAN 999, configure sticky port security on access ports, correct a misassigned VLAN, and resolve an err-disabled port caused by a port security violation. Finish by verifying end-to-end host connectivity across VLANs.
Archive preview only
CCNA Foundations Series: Layer 2 Day 5
Implement VLANs, 802.1Q trunking, router-on-a-stick inter-VLAN routing, and access-layer port security on a compact branch network with two access switches and two endpoints. You will configure segmentation (VLANs 10, 20, 99), hardened trunks with a dedicated native VLAN 999, Layer 3 gateways on a core router, and sticky MAC port security on user-facing ports. Verify end-to-end reachability and remediate common misconfigurations like missing allowed VLANs, native VLAN mismatches, and unauthorized endpoint moves.
Archive preview only
CCNA Foundations Series: Layer 2 Day 4
Hands-on CCNA Layer 2 switching lab: build VLANs, access ports, hardened 802.1Q trunks, and basic port-security across two access switches and an L2 core. Verify segmentation end-to-end from real hosts and practice troubleshooting native-VLAN and port/VLAN mismatches.
Archive preview only
CCNA Day 3: VLANs, Trunking, and Layer 2 Security
Hands-on CCNA lab: build VLANs for Sales and Engineering, implement 802.1Q trunks with a hardened native VLAN, assign access ports, and apply sticky MAC port-security on access interfaces. The design uses a compact, realistic branch topology with a router-on-a-stick gateway, a distribution L2 switch, one access L2 switch, and two end hosts. Students deploy, verify, and troubleshoot VLAN reachability, trunk integrity, and port-security violations.
Archive preview only
CCNA Day 2: VLANs and Port Security
Configure a compact branch LAN with router-on-a-stick inter-VLAN routing, two access switches, and two user VLANs. Implement VLANs, 802.1Q trunks with a hardened native VLAN, secure user-facing ports with port-security, and verify end-to-end reachability from the hosts. Includes realistic troubleshooting of VLAN assignment, trunk allow-lists, and port-security violations.
Archive preview only
CCNA Foundations Day 1: VLAN and Port Security
Build and harden a small branch campus Layer 2 network with a distribution switch and two access switches. Implement VLANs, trunking, and basic port security, then verify from the end hosts and troubleshoot common L2 mistakes.
Archive preview only