By default, Cisco has made its switches essentially plug and play: every port comes up enabled, in VLAN 1, and ready to negotiate a trunk (via DTP) if the device on the other end asks for one. That plug and play mentality leaves some fairly large security concerns on the switch, because an unused port is an open door onto the network for anyone who can reach a wall jack. There are three very easy ways to secure unused ports on a Cisco switch. They are:
- Administratively disable the interface with the shutdown interface subcommand. If you just shut down the interface, the exposure goes away. The next two commands help in case someone later re-enables the port.
- Prevent VLAN trunking. Do this with the switchport mode access interface subcommand, which forces the port to be a non-trunking access port regardless of what the device on the other end tries to negotiate.
- Assign the port to an unused VLAN with the switchport access vlan number subcommand, so that even a re-enabled port lands in a VLAN that goes nowhere instead of in VLAN 1.
Seeing the workflow in an example helps as well. I am going to be working on switch "s1", and I will take fa0/24 and secure the port. I will also make my own new VLAN that all newly secured ports will be a part of. This VLAN will be VLAN 4, and I will name it "SECURED-VLAN".
Let's verify it is in the proper VLAN using the "show vlan brief" command; Fa0/24 should now be listed under VLAN 4 (SECURED-VLAN) rather than under VLAN 1:
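The full CLI session for the workflow above, written out here as an added example rather than a capture from the original post. The hostname s1, interface fa0/24, VLAN 4 and the name SECURED-VLAN come from the text; the port range fa0/20 - 23 in the second half is an assumption, included only to show the same three steps applied to a block of unused ports at once. It also adds one command that is not in the list above, switchport nonegotiate, which stops the port from sending DTP frames at all:

```cisco
! Added example, not the original post's capture. Hostname s1, interface fa0/24,
! VLAN 4 and SECURED-VLAN come from the text; fa0/20 - 23 is an assumed range.
s1# configure terminal
! 1. Create the parking VLAN so secured ports are placed somewhere that leads nowhere.
s1(config)# vlan 4
s1(config-vlan)# name SECURED-VLAN
s1(config-vlan)# exit
! 2. Secure the single port fa0/24: access mode, parking VLAN, no DTP, then shut it.
s1(config)# interface fastethernet 0/24
s1(config-if)# description UNUSED - SECURED
s1(config-if)# switchport mode access
s1(config-if)# switchport access vlan 4
s1(config-if)# switchport nonegotiate
s1(config-if)# shutdown
s1(config-if)# exit
! 3. The same steps applied to a block of unused ports in one go
!    (fa0/20 - 23 is assumed here; substitute your own list of unused ports).
s1(config)# interface range fastethernet 0/20 - 23
s1(config-if-range)# switchport mode access
s1(config-if-range)# switchport access vlan 4
s1(config-if-range)# switchport nonegotiate
s1(config-if-range)# shutdown
s1(config-if-range)# end
! 4. Verify. Fa0/24 should be listed under VLAN 4 SECURED-VLAN (not VLAN 1) in
!    show vlan brief, the switchport output should read "Administrative Mode:
!    static access", and the status output should show the port as disabled in Vlan 4.
s1# show vlan brief
s1# show interfaces fastethernet 0/24 switchport
s1# show interfaces fastethernet 0/24 status
! 5. Save, or the hardening disappears at the next reload.
s1# copy running-config startup-config
```

One caveat when verifying: show vlan brief only lists access ports, so a port that has somehow become a trunk will not appear under any VLAN at all. If a port you expect to see under VLAN 4 is missing from that output, check it with show interfaces switchport before assuming it is fine.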
Hopefully this helps you secure unused ports on a Cisco switch!