拓扑图:
静态安全的MAC地址:
SW1上的配置:
SW1(config)#int
SW1(config)#interface f
SW1(config)#interface fastEthernet 0/1
SW1(config-if)#sh
SW1(config-if)#shutdown //关闭f0/1接口
SW1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to administratively down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
SW1(config-if)#sw
SW1(config-if)#switchport mo ac //把端口设置为访问模式,允许电脑接入
SW1(config-if)#s
SW1(config-if)#sw
SW1(config-if)#switchport po
SW1(config-if)#switchport port-security //打开交换机端口的安全功能
SW1(config-if)#sw
SW1(config-if)#switchport po
SW1(config-if)#switchport port-security max
SW1(config-if)#switchport port-security maximum 1 //只允许该端口下的MAC地址条目为1,只允许一个设备接入
SW1(config-if)#sw
SW1(config-if)#switchport po
SW1(config-if)#switchport port-security v
SW1(config-if)#switchport port-security violation sh
SW1(config-if)#switchport port-security violation shutdown //攻击发生时,需要采取的措施
SW1(config-if)#sw
SW1(config-if)#switchport po
SW1(config-if)#switchport port-security mac
SW1(config-if)#switchport port-security mac-address 0030.a303.1701 //允许R1上的g0/0接口接入
SW1(config-if)#no sh
SW1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
SW1#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.4383.a201 DYNAMIC Fa0/2
1 0030.a303.1701 STATIC Fa0/1
本文出自 “一颗正在成长的小树” 博客,请务必保留此出处http://growing2015.blog.51cto.com/12006344/1917166
原文:http://growing2015.blog.51cto.com/12006344/1917166