switchport port-security


Port Security cannot be enabled on a dynamic port; only static access ports or trunk ports support it. Switch the port mode to access first.

Cat3750(config-if)#switchport port-security
Command rejected: FastEthernet1/0/2 is a dynamic port.

!--- Port security can only be configured on static access ports or trunk ports.

Cat3750(config-if)#switchport mode access

!--- Sets the interface switchport mode as access.

Cat3750(config-if)#switchport port-security

!--- Enables port security on the interface.

Cat3750(config-if)#switchport port-security mac-address 0011.858D.9AF9

!--- Sets the secure MAC address for the interface.

Cat3750(config-if)#switchport port-security violation shutdown

!--- Sets the violation mode to shutdown. This is the default mode.

=====================================================================

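int range FastEthernet 0/1 - 48  ! Enter interfaces 1 - 48
switchport port-security  ! Turn on port security
switchport port-security maximum 5  ! Allow at most 5 MAC addresses
switchport port-security violation protect  ! Drop all packets from MAC addresses beyond the first 5

If no maximum is set, the default is 1.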

Port Security              : Disabled
Port Status                : Secure-down
Violation Mode             : Protect
Aging Time                 : 0 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 0
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 0
Last Source Address:Vlan   : 0000.0000.0000:0
Security Violation Count   : 0

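With the Protect violation mode, the offending traffic is simply not allowed through, but the port status and line protocol both stay up.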

======================================================================
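So the following commands make a specific interface accept only one connected host (the first one seen, which is automatically stored in the MAC table with STATIC status). When a different host is connected afterwards, it is refused. (That is, if this interface is connected to another switch B, then as soon as any host is connected to switch B, this interface on switch A will close, because the switch's own interface also has a MAC address and so counts as 1.) Because MAX is not defined, the default maximum accepted is 1.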
interface FastEthernet0/8
switchport access vlan 15
switchport mode access
switchport port-security
switchport port-security violation protect
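
The rules above (static mode required, maximum defaults to 1, violation mode defaults to shutdown) can be checked against a candidate configuration before it is pushed. The script below is an added example, not part of the original post; the sample config is constructed, and treating a missing `switchport mode` line as a dynamic port is an assumption that depends on the platform default.

```python
import re

# Constructed sample candidate config (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/2
 switchport port-security
!
interface FastEthernet0/8
 switchport access vlan 15
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/9
 switchport mode access
 switchport port-security maximum 5
 switchport port-security violation protect
"""

def audit_port_security(config_text):
    """Return {interface: settings + findings}, applying the defaults the page states."""
    report, cur = {}, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if (m := re.match(r"interface\s+(\S+)$", line)):
            cur = report.setdefault(m.group(1), {
                "enabled": False,
                "mode": "dynamic",        # assumption: no explicit mode = dynamic
                "maximum": 1,             # default when "maximum" is not set
                "violation": "shutdown",  # default violation mode
                "findings": []})
        elif cur is None or line == "!":
            cur = None
        elif line == "switchport port-security":
            cur["enabled"] = True
        elif (m := re.match(r"switchport mode (access|trunk)$", line)):
            cur["mode"] = m.group(1)
        elif (m := re.match(r"switchport port-security maximum (\d+)$", line)):
            cur["maximum"] = int(m.group(1))
        elif (m := re.match(r"switchport port-security violation (\w+)$", line)):
            cur["violation"] = m.group(1)
    for info in report.values():
        if info["enabled"] and info["mode"] == "dynamic":
            info["findings"].append("dynamic port: command would be rejected")
        if not info["enabled"] and (info["maximum"], info["violation"]) != (1, "shutdown"):
            info["findings"].append("options set but port security not enabled")
        if info["enabled"] and info["violation"] == "protect":
            info["findings"].append("protect: excess MACs dropped, port stays up")
    return report
```

The FastEthernet0/9 case corresponds to the `Port Security : Disabled` / `Violation Mode : Protect` state in the show output above: the options are stored, but nothing is enforced until the bare `switchport port-security` command is applied.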
