交换机一个端口一个MAC(MAC绑定port)

实验环境packet tracer 5.3 Cisco2960
 
Switch(config-if)#interface fa0/2  //进入接口
Switch(config-if)#switchport mode access  //将接口设置为access模式,在packet tracer中好像是必须的,虽然交换机的默认模式是access,但是还是必须要键入这个命令
Switch(config-if)#switchport port-security //启动端口安全功能
Switch(config-if)#switchport port-security maximum 1  //设置端口的最大MAC数量
Switch(config-if)#switchport port-security mac-address 00D0.97DC.31A7 //写入MAC
Switch(config-if)#do show port-security address //验证配置,我现在配置的是fa0/2
   Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type   Ports  Remaining Age
        (mins)
---- ----------- ----   -----  -------------
1 0030.A36E.C1CC SecureConfigured FastEthernet0/1  -
1 00D0.97DC.31A7 SecureConfigured FastEthernet0/2  -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 1024
下面我将插在MAC为00D0.97DC.31A7的PC网线拔了插到其他不同MAC的PC上
 
Switch(config-if)#shutdown  //我先down了这个接口
Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
Switch(config-if)#no shutdown //插到另外的一个PC上然后打开端口
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down   //我在这个期间,用ping命令ping了一个不是本机的IP,主要是要让交换机知道我的MAC,由于先前配置了安全端口,所以现在端口状态变成了administratively down,这也是本实验的要的效果

 
下面我在将网线插到原来的PC上(MAC为00D0.97DC.31A7的PC)
 
Switch(config-if)#no shutdown  //书上讲只要用no shutdown就可以开启,现在实验显示是无效的
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to down
Switch(config-if)#shutdown  //必须先用shutdown关闭端口,这也是论坛里的一个兄弟提醒我的,先谢谢这位兄弟了
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to administratively down
Switch(config-if)#no shutdown  //再次执行no shutdown好的现在端口可以使用了
%LINK-5-CHANGED: Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
Switch(config-if)#
 
 
 
 
 
 
欢迎提出建议,本人初学!!

本文出自 “学习中” 博客,谢绝转载!

你可能感兴趣的:(职场,休闲,交换机,端口安全,port绑定MAC)