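Configuring switch port security: to configure port security on a switch port, you first enter that port, i.e. enter interface configuration mode.
Switch model: Cisco 2950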
S1(config-if)#?
  cdp               Global CDP configuration subcommands
  channel-group     Etherchannel/port bundling configuration
  channel-protocol  Select the channel protocol (LACP, PAgP)
  description       Interface specific description
  duplex            Configure duplex operation.
  exit              Exit from interface configuration mode
  mac-address       Manually set interface MAC address
  mls               mls interface commands
  no                Negate a command or set its defaults
  shutdown          Shutdown the selected interface
  spanning-tree     Spanning Tree Subsystem
  speed             Configure speed operation.
  storm-control     storm configuration
  switchport        Set switching mode characteristics
  tx-ring-limit     Configure PA level transmit ring limit
S1(config-if)#switchport ?
  access         Set access mode characteristics of the interface
  mode           Set trunking mode of the interface
  native         Set trunking native characteristics when interface is in trunking mode
  nonegotiate    Device will not engage in negotiation protocol on this interface
  port-security  Security related command
  priority       Set appliance 802.1p priority
  trunk          Set trunking characteristics of the interface
  voice          Voice appliance attributes
S1(config-if)#switchport mode acces
S1(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security violation ?
  protect   Security violation protect mode
            // When a new computer connects and the interface's MAC entries exceed the maximum, the new computer cannot connect, while the existing computers are unaffected.
  restrict  Security violation restrict mode
            // restrict [rɪˈstrɪkt]: vt. to limit, to confine. When a new computer connects and the interface has reached the maximum, the new computer cannot connect and the switch sends a warning message.
  shutdown  Security violation shutdown mode
            // When a new computer connects and the interface's MAC entries exceed the maximum, the interface is shut down, so neither the new computer nor the existing ones can connect; it has to be re-enabled with: no shutdown.
S1(config-if)#switchport port-security violation shutdown
// Meaning: when this port suffers a violation, the shutdown action is taken, i.e. the port is disabled.
S1(config-if)#
S1#show mac-address-table
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    000a.f3e3.b801    DYNAMIC     Fa0/2
   1    0023.3364.2238    STATIC      Fa0/1
S1#
// violation [vaɪə'leɪʃn]: n. breach; infringement.
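A check for the settings above, added here as an example and not part of the original post: on IOS the maximum and violation settings are enforced only once the bare "switchport port-security" command is also present on the interface, so this Python script flags access ports where that line is missing. The function names and the sample config are constructed for illustration.

```python
# Constructed sample config (not from a real switch); Fa0/1 has only the commands typed above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation shutdown
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address 000a.f3e3.b801
!
interface FastEthernet0/3
 switchport mode access
!
"""

def audit_port_security(config):
    """Map each interface to its port-security state (IOS defaults filled in)."""
    report, port = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            port = report[raw.split()[1]] = {
                "access": False, "enabled": False, "configured": False,
                "maximum": 1, "violation": "shutdown", "static_macs": []}
        elif not raw.startswith(" "):
            port = None                      # "!" or a global command ends the block
        elif port is not None:
            words = raw.split()
            if words == ["switchport", "mode", "access"]:
                port["access"] = True
            elif words[:2] == ["switchport", "port-security"]:
                args = words[2:]
                port["enabled"] |= not args  # the bare command turns the feature on
                port["configured"] |= bool(args)
                if args[:1] == ["maximum"] and len(args) > 1:
                    port["maximum"] = int(args[1])
                elif args[:1] == ["violation"] and len(args) > 1:
                    port["violation"] = args[1]
                elif args[:1] == ["mac-address"] and len(args) == 2 and args[1] != "sticky":
                    port["static_macs"].append(args[1])
    return report

def findings(report):
    """Access ports where port security is not actually in force."""
    return {name: ("settings present but not enabled" if p["configured"]
                   else "no port security")
            for name, p in report.items() if p["access"] and not p["enabled"]}
```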
So how do you manually add a MAC table entry for an interface?
S1(config)#interface f0/1
S1(config-if)#
S1(config-if)#
S1(config-if)#mac ?
  H.H.H  MAC address
S1(config-if)#mac 0023.3364.2238
S1(config-if)#
S1#show mac-address-table
          Mac Address Table

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    000a.f3e3.b801    DYNAMIC     Fa0/2
   1    0023.3364.2238    STATIC      Fa0/1    // This is the entry that was just added manually.

----------------
Copyright notice: this is an original article by CSDN blogger "OneCode2World", licensed under CC 4.0 BY-SA. When reposting, please include the original source link and this notice.
Original link: https://blog.csdn.net/H002399/java/article/details/46848609