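Preface: Port security is typically configured on the edge ports of access-layer switches to prevent unauthorized or untrusted network devices from connecting to the network, which improves network security.
1. Topology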

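2. Network requirements
Configure port security on the access-layer switch to improve network security and achieve network connectivity.
3. Configuration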
[SW1-GigabitEthernet0/0/1]port-security enable
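a. When port security is enabled on an interface, the dynamic MAC address entries previously learned on the interface are deleted, and MAC addresses learned afterwards become secure dynamic MAC addresses.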
[SW1-GigabitEthernet0/0/1]port-security mac-address sticky
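b. When the Sticky MAC function is enabled on an interface, the secure dynamic MAC address entries on the interface are converted to Sticky MAC addresses, and MAC addresses learned afterwards also become Sticky MAC addresses.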
[SW1-GigabitEthernet0/0/1]undo port-security enable
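c. When port security is disabled on an interface, the secure dynamic MAC addresses on the interface are deleted and dynamic MAC addresses are learned again.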
[SW1-GigabitEthernet0/0/1]undo port-security mac-address sticky
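d. When the Sticky MAC function is disabled on an interface, the Sticky MAC addresses on the interface are converted to secure dynamic MAC addresses.
3.1 SW1 configuration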
[SW1]display current-configuration
sysname SW1
cluster enable
ntdp enable
ndp enable
drop illegal-mac alarm
diffserv domain default
drop-profile default
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
interface Vlanif1
interface MEth0/0/1
interface GigabitEthernet0/0/1
port-security enable
port-security protect-action shutdown
port-security max-mac-num 3
port-security aging-time 200
interface GigabitEthernet0/0/2
interface GigabitEthernet0/0/3
interface GigabitEthernet0/0/4
interface GigabitEthernet0/0/5
interface GigabitEthernet0/0/6
interface GigabitEthernet0/0/7
interface GigabitEthernet0/0/8
interface GigabitEthernet0/0/9
interface GigabitEthernet0/0/10
interface GigabitEthernet0/0/11
interface GigabitEthernet0/0/12
interface GigabitEthernet0/0/13
interface GigabitEthernet0/0/14
interface GigabitEthernet0/0/15
interface GigabitEthernet0/0/16
interface GigabitEthernet0/0/17
interface GigabitEthernet0/0/18
interface GigabitEthernet0/0/19
interface GigabitEthernet0/0/20
interface GigabitEthernet0/0/21
interface GigabitEthernet0/0/22
interface GigabitEthernet0/0/23
interface GigabitEthernet0/0/24
interface NULL0
user-interface con 0
user-interface vty 0 4
return
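To check which edge ports actually carry the settings above, the saved `display current-configuration` text can be audited offline. The following Python sketch is an added example, not part of the original post; the function names `parse_port_security` and `unprotected_ports` are hypothetical, and the sample input is constructed by abbreviating the SW1 output shown above.

```python
# Constructed sample: abbreviated from the SW1 output on this page
# (GE0/0/1 has port security configured, GE0/0/2 does not).
SAMPLE = """\
sysname SW1
interface GigabitEthernet0/0/1
port-security enable
port-security protect-action shutdown
port-security max-mac-num 3
port-security aging-time 200
interface GigabitEthernet0/0/2
interface NULL0
user-interface con 0
return
"""

def parse_port_security(config):
    """Map each interface name to the port-security settings found under it."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()  # works for indented and flattened output alike
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            ports[current] = {"enabled": False, "sticky": False,
                              "action": None, "max_mac": None, "aging": None}
        elif line in ("#", "return") or line.startswith("user-interface"):
            current = None  # interface section ended
        elif current and line.startswith("port-security "):
            args = line.split()[1:]
            p = ports[current]
            if args == ["enable"]:
                p["enabled"] = True
            elif args == ["mac-address", "sticky"]:
                p["sticky"] = True
            elif args[0] == "protect-action" and len(args) == 2:
                p["action"] = args[1]
            elif args[0] == "max-mac-num" and len(args) == 2:
                p["max_mac"] = int(args[1])
            elif args[0] == "aging-time" and len(args) >= 2:
                p["aging"] = int(args[1])
    return ports

def unprotected_ports(config, prefix="GigabitEthernet"):
    """Names of physical ports (by prefix) lacking 'port-security enable'."""
    return [name for name, p in parse_port_security(config).items()
            if name.startswith(prefix) and not p["enabled"]]

if __name__ == "__main__":
    print(parse_port_security(SAMPLE)["GigabitEthernet0/0/1"])
    print("unprotected:", unprotected_ports(SAMPLE))
```

Run against the full SW1 output above, the audit lists GigabitEthernet0/0/2 through GigabitEthernet0/0/24 as unprotected, since only GigabitEthernet0/0/1 has port security enabled.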
