1. Build the topology shown in the figure above; the PCs can be configured with the addresses 192.168.1.1-192.168.1.4.
2. Configure port security
Switch>enable
Switch#conf t
Switch(config)#interface f0/1
Switch(config-if)#switchport mode access    ! set the port to access mode
Switch(config-if)#switchport port-security    ! enable port security
Switch(config-if)#do show port inter f0/1    ! view the port-security information
Port Security              : Enabled    ! already enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0
Switch(config-if)#switchport port-security maximum 2    ! set the maximum number of MAC addresses on the port to 2
Switch(config-if)#switchport port-security mac-address sticky    ! learn the MAC addresses of connected devices automatically
Switch(config-if)#switchport port-security violation ?    ! violation handling modes
  protect   Security violation protect mode    ! protect: drop the traffic, no alert
  restrict  Security violation restrict mode    ! restrict: drop the traffic, send an alert
  shutdown  Security violation shutdown mode    ! shutdown: drop the traffic, send an alert and shut down the link
Switch(config-if)#switchport port-security violation protect    ! choose protect as the violation handling mode
Switch(config-if)#end
Switch#
Switch#show port-security address    ! view the secure address table
          Secure Mac Address Table
Vlan    Mac Address       Type            Ports              Remaining Age
                                                             (mins)
1       0002.4AA6.D46D    SecureSticky    FastEthernet0/1    -
1       0010.1108.D197    SecureSticky    FastEthernet0/1    -
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 1024
Verification: the two hosts that were connected first can reach PC3, and the third host cannot reach PC3, which shows the experiment succeeded.
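The two show outputs above can also be checked by script rather than by eye. The following is an added example, not part of the original lab: it parses text in the layout quoted above and reports sticky-learned addresses that are missing from an approved list, plus the silent protect mode. The sample text, the inventory set and the function names are constructed for illustration.

```python
import re

# Constructed samples in the layout of the switch output quoted above.
SHOW_INTERFACE = """\
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Maximum MAC Addresses : 2
Total MAC Addresses : 2
Sticky MAC Addresses : 2
Last Source Address:Vlan : 0010.1108.D197:1
Security Violation Count : 0
"""
SHOW_ADDRESS = """\
1 0002.4AA6.D46D SecureSticky FastEthernet0/1 -
1 0010.1108.D197 SecureSticky FastEthernet0/1 -
"""

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+(\S+)\s+(\S+)")

def parse_interface(text):
    """Split 'Field : value' lines; ' : ' keeps the 'Address:Vlan' key intact."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(" : ")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def parse_addresses(text):
    """Return (vlan, mac, type, port) for each secure-address row."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            rows.append((int(m.group(1)), m.group(2).upper(), m.group(3), m.group(4)))
    return rows

def audit(fields, rows, approved):
    """Compare switch state with a hypothetical approved-MAC inventory."""
    findings = []
    if fields.get("Port Security") != "Enabled":
        findings.append("port security is not enabled")
    if fields.get("Violation Mode", "").lower() == "protect":
        findings.append("violation mode protect drops frames without alerting")
    for vlan, mac, kind, port in rows:
        if mac not in approved:
            findings.append(f"{port}: {kind} address {mac} is not in the inventory")
    return findings

if __name__ == "__main__":
    inventory = {"0002.4AA6.D46D"}  # hypothetical approved list
    for finding in audit(parse_interface(SHOW_INTERFACE), parse_addresses(SHOW_ADDRESS), inventory):
        print(finding)
```

Sticky learning accepts whichever devices send traffic first, so comparing the learned table with a known inventory is what confirms that the right two hosts were bound.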
Verifying the other port-security mode: static binding
Switch#conf t
Switch(config)#
Switch(config)#interface f0/1
Switch(config-if)#no switchport port-security mac-address sticky    ! remove sticky (dynamic) binding
Switch(config-if)#do show port add
          Secure Mac Address Table
Vlan    Mac Address       Type            Ports              Remaining Age
1       0002.4AA6.D46D    SecureSticky    FastEthernet0/1    -    ! the sticky-learned addresses are still present
1       0010.1108.D197    SecureSticky    FastEthernet0/1    -
Total Addresses in System (excluding one mac per port)     : 1
Max Addresses limit in System (excluding one mac per port) : 1024
Switch(config-if)#end
Switch#clear port-security sticky    ! clear the sticky-learned addresses
Switch#show port-security address
          Secure Mac Address Table
Vlan    Mac Address       Type            Ports              Remaining Age
                                                             (mins)
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Switch#conf t
Switch(config)#interface f0/1
Switch(config-if)#switchport port-security mac-address 00D0.FF76.14ED    ! bind the PC's MAC address manually
Switch(config-if)#switchport port-security mac-address 0010.1108.D197
You need to obtain each PC's MAC address yourself at the PC's command prompt, using: ipconfig /all
Verification: the statically bound PCs can reach PC3, and the others cannot reach PC3, which shows the experiment succeeded.
Source: http://www.bubuko.com/infodetail-2600323.html