禁止手机等非授权设备连接到公司无线网络的方法

 

    防止用户私自更改手机mac继续访问网络,我们在连接AP的交换机端口上设置只允许指定的MAC地址连接到网络。

注意:

1.      确保交换机上连接AP的端口二层模式为access模式。

2.      允许通过的MAC数量和port-security maximum数量必须一致

3.      每次增加MAC的时候,先shutdown,然后设置maximum数量,然后再增加MAC,最后no shutdown激活端口

4.      必须把AP本身的MAC地址也加进去,否则无法telnet AP

5.      在交换机上的连接AP的端口上配置

 

 

配置命令:

XIASW-B-005(config)#interface fastEthernet 0/35

XIASW-B-005(config-if)#shutdown

XIASW-B-005(config-if)#switchport port-security

XIASW-B-005(config-if)#switchport port-security violation protect

XIASW-B-005(config-if)#switchport port-security maximum 7

XIASW-B-005(config-if)#switchport port-security mac-address 0023.0426.1a7e

XIASW-B-005(config-if)#no shutdown

XIASW-B-005(config-if)#exit

XIASW-B-005#wr

 

 

 

       验证:

XIASW-B-005#sh running-config interface fastEthernet 0/35

Building configuration...

 

Current configuration : 1781 bytes

!

interface FastEthernet0/35

 switchport access vlan 5

 switchport mode access

 switchport port-security maximum 30

 switchport port-security

 switchport port-security violation protect

 switchport port-security mac-address 0008.9ff3.f336

 switchport port-security mac-address 0023.0426.1a7e

 switchport port-security mac-address 0023.4dd9.7205

 switchport port-security mac-address 0024.2b59.e67f

 switchport port-security mac-address 0024.2b5a.035c

 switchport port-security mac-address 0024.d794.7870

 switchport port-security mac-address 0027.1011.761c

 switchport port-security mac-address 0027.1011.d7dc

 switchport port-security mac-address 0027.1012.90e0

 switchport port-security mac-address 0027.10a3.0394

 switchport port-security mac-address 0811.96ac.e0d8

 switchport port-security mac-address 0c77.1a84.5a27

 switchport port-security mac-address 100b.a952.26c0

 switchport port-security mac-address 207d.7424.52cb

 switchport port-security mac-address 3ca9.f48f.aa8c

 switchport port-security mac-address 3ca9.f48f.fdec

 switchport port-security mac-address 3ca9.f4a1.e6c4

 switchport port-security mac-address 3cd0.f8ba.f414

 switchport port-security mac-address 6067.20e1.d798

 switchport port-security mac-address 6092.172b.db71

 switchport port-security mac-address 6c88.147d.a958

 switchport port-security mac-address 6c88.147d.dd30

 switchport port-security mac-address 6c88.147d.e53c

 switchport port-security mac-address 6c88.147d.ea5c

 switchport port-security mac-address 8c70.5a08.1364

 switchport port-security mac-address 8c70.5a08.23d4

 switchport port-security mac-address 9cb7.0df4.42b0

 switchport port-security mac-address acf7.f3ef.cf4a

 switchport port-security mac-address b4ce.f673.44c4

 switchport port-security mac-address c46a.b769.d3b9

end

 

XIASW-B-005#sh mac-address-table interface fastEthernet 0/35

          Mac Address Table

-------------------------------------------

 

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

   5    0008.9ff3.f336    STATIC      Fa0/35

   5    0023.0426.1a7e    STATIC      Fa0/35

   5    0023.4dd9.7205    STATIC      Fa0/35

   5    0024.2b59.e67f    STATIC      Fa0/35

   5    0024.2b5a.035c    STATIC      Fa0/35

   5    0024.d794.7870    STATIC      Fa0/35

   5    0027.1011.761c    STATIC      Fa0/35

   5    0027.1011.d7dc    STATIC      Fa0/35

   5    0027.1012.90e0    STATIC      Fa0/35

   5    0027.10a3.0394    STATIC      Fa0/35

   5    0811.96ac.e0d8    STATIC      Fa0/35

   5    0c77.1a84.5a27    STATIC      Fa0/35

   5    100b.a952.26c0    STATIC      Fa0/35

   5    207d.7424.52cb    STATIC      Fa0/35

   5    3ca9.f48f.aa8c    STATIC      Fa0/35

   5    3ca9.f48f.fdec    STATIC      Fa0/35

   5    3ca9.f4a1.e6c4    STATIC      Fa0/35

   5    3cd0.f8ba.f414    STATIC      Fa0/35

   5    6067.20e1.d798    STATIC      Fa0/35

   5    6092.172b.db71    STATIC      Fa0/35

   5    6c88.147d.a958    STATIC      Fa0/35

   5    6c88.147d.dd30    STATIC      Fa0/35

   5    6c88.147d.e53c    STATIC      Fa0/35

   5    6c88.147d.ea5c    STATIC      Fa0/35

   5    8c70.5a08.1364    STATIC      Fa0/35

   5    8c70.5a08.23d4    STATIC      Fa0/35

   5    9cb7.0df4.42b0    STATIC      Fa0/35

   5    acf7.f3ef.cf4a    STATIC      Fa0/35

   5    b4ce.f673.44c4    STATIC      Fa0/35

   5    c46a.b769.d3b9    STATIC      Fa0/35

Total Mac Addresses for this criterion: 30

XIASW-B-005#

你可能感兴趣的:(禁止手机等非授权设备连接到公司无线网络的方法)