实验环境packet tracer 5.3 Cisco2960
Switch(config-if)#interface fa0/2 //进入接口
Switch(config-if)#switchport mode access //将接口设置为access模式,在packet tracer中好像是必须的,虽然交换机的默认模式是access,但是还是必须要键入这个命令
Switch(config-if)#switchport port-security //启动端口安全功能
Switch(config-if)#switchport port-security maximum 1 //设置端口的最大MAC数量
Switch(config-if)#switchport port-security mac-address 00D0.97DC.31A7 //写入MAC
Switch(config-if)#do show port-security address //验证配置,我现在配置的是fa0/2
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0030.A36E.C1CC SecureConfigured FastEthernet0/1 -
1 00D0.97DC.31A7 SecureConfigured FastEthernet0/2 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
下面我将插在MAC为00D0.97DC.31A7的PC网线拔了插到其他不同MAC的PC上
Switch(config-if)#shutdown //我先down了这个接口
Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
Switch(config-if)#no shutdown //插到另外的一个PC上然后打开端口
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down //我在这个期间,用ping命令ping了一个不是本机的IP,主要是要让交换机知道我的MAC,由于先前配置了安全端口,所以现在端口状态变成了administratively down,这也是本实验的要的效果
下面我在将网线插到原来的PC上(MAC为00D0.97DC.31A7的PC)
Switch(config-if)#no shutdown //书上讲只要用no shutdown就可以开启,现在实验显示是无效的
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
Switch(config-if)#shutdown //必须先用shutdown关闭端口,这也是论坛里的一个兄弟提醒我的,先谢谢这位兄弟了
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
Switch(config-if)#no shutdown //再次执行no shutdown好的现在端口可以使用了
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#
欢迎提出建议,本人初学!!
本文出自 “学习中” 博客,谢绝转载!