交换机的端口安全

拓扑图：

静态安全的MAC地址：

SW1上的配置：

SW1(config)#int

SW1(config)#interface f

SW1(config)#interface fastEthernet 0/1

SW1(config-if)#sh

SW1(config-if)#shutdown  //关闭f0/1接口

SW1(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down

SW1(config-if)#sw

SW1(config-if)#switchport mo ac  //把端口设置为访问模式，允许电脑接入

SW1(config-if)#s

SW1(config-if)#sw

SW1(config-if)#switchport po

SW1(config-if)#switchport port-security  //打开交换机端口的安全功能

SW1(config-if)#sw

SW1(config-if)#switchport po

SW1(config-if)#switchport port-security max

SW1(config-if)#switchport port-security maximum 1  //只允许该端口下的MAC地址条目为1，只允许一个设备接入

SW1(config-if)#sw

SW1(config-if)#switchport po

SW1(config-if)#switchport port-security v

SW1(config-if)#switchport port-security violation sh

SW1(config-if)#switchport port-security violation shutdown  //攻击发生时，需要采取的措施

SW1(config-if)#sw

SW1(config-if)#switchport po

SW1(config-if)#switchport port-security mac

SW1(config-if)#switchport port-security mac-address 0030.a303.1701  //允许R1上的g0/0接口接入

SW1(config-if)#no sh

SW1(config-if)#

%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up

%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up

SW1#show mac-address-table

Mac Address Table

-------------------------------------------

Vlan    Mac Address       Type        Ports

----    -----------       --------    -----

1    0001.4383.a201    DYNAMIC     Fa0/2

1    0030.a303.1701    STATIC      Fa0/1