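Configuring switch port security: to configure port security on a particular switch port, you first have to enter that port, that is, enter port (interface configuration) mode.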

Switch model: Cisco 2950

S1(config-if)#?
  cdp               Global CDP configuration subcommands
  channel-group     Etherchannel/port bundling configuration
  channel-protocol  Select the channel protocol (LACP, PAgP)
  description       Interface specific description
  duplex            Configure duplex operation.
  exit              Exit from interface configuration mode
  mac-address       Manually set interface MAC address
  mls               mls interface commands
  no                Negate a command or set its defaults
  shutdown          Shutdown the selected interface
  spanning-tree     Spanning Tree Subsystem
  speed             Configure speed operation.
  storm-control     storm configuration
  switchport        Set switching mode characteristics
  tx-ring-limit     Configure PA level transmit ring limit
S1(config-if)#switchport ?
  access         Set access mode characteristics of the interface
  mode           Set trunking mode of the interface
  native         Set trunking native characteristics when interface is in
                 trunking mode
  nonegotiate    Device will not engage in negotiation protocol on this
                 interface
  port-security  Security related command
  priority       Set appliance 802.1p priority
  trunk          Set trunking characteristics of the interface
  voice          Voice appliance attributes
S1(config-if)#switchport mode acces
S1(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
S1(config-if)#switchport port-security  maximum  1
S1(config-if)#switchport port-security  violation  ?
  protect   Security violation protect mode
            // When a new computer connects and the MAC entries on the interface exceed the maximum, the new computer cannot connect, while the existing computers are unaffected.
  restrict  Security violation restrict mode
            // restrict (British pronunciation [rɪˈstrɪkt]): transitive verb, to limit, to confine. When a new computer connects and the interface has reached the maximum, the new computer cannot connect and the switch sends a warning message.
  shutdown  Security violation shutdown mode
            // When a new computer connects and the MAC entries on the interface exceed the maximum, the interface is shut down, so neither the new computer nor the existing ones can connect; it has to be re-enabled with: no shutdown
S1(config-if)#switchport port-security  violation  shutdown
            // Meaning: when a violation occurs on this port, the shutdown action is taken, i.e. the port is disabled.
S1(config-if)#
S1#show mac-address-table
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    000a.f3e3.b801    DYNAMIC     Fa0/2
   1    0023.3364.2238    STATIC      Fa0/1
S1#

// violation [vaɪə'leɪʃn]: noun; breach, infringement.

So how do you manually add a MAC table entry for an interface?

S1(config)#interface f0/1
S1(config-if)#
S1(config-if)#
S1(config-if)#mac ?
  H.H.H  MAC address
S1(config-if)#mac 0023.3364.2238
S1(config-if)#
S1#show mac-address-table
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----

   1    000a.f3e3.b801    DYNAMIC     Fa0/2
   1    0023.3364.2238    STATIC      Fa0/1   // This is the entry that was just added manually.

————————————————
Copyright notice: this article is an original work by CSDN blogger "OneCode2World" and follows the CC 4.0 BY-SA license. When reposting, please include the original source link and this notice.
Original link: https://blog.csdn.net/H002399/java/article/details/46848609