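Network Engineering (4): Binding a Switch Port to a MAC Address
Objective
Learn how to bind a MAC address to a switch port.
Lab environment
Windows 2003, Cisco simulator
Background
Switch port security is a filtering policy on the switch: a fixed MAC address is bound to a given switch port, so that traffic from any other MAC address triggers the policy, which shuts the port down or denies service.
Procedure
1. Configure the switch IP address as 192.168.1.100
Code block: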
Switch>enable
Switch#config terminal
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface vlan 1
Switch(config-if)#ip address 192.168.1.100 255.255.255.0
Switch(config-if)#no shutdown
Switch(config-if)#
%LINK-5-CHANGED: Interface Vlan1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan1, changed state to up
Switch(config-if)#exit
Switch(config)#exit
Switch#
%SYS-5-CONFIG_I: Configured from console by console
2. Configure computer A's IP address as 192.168.1.10 and obtain the computer's MAC address
3. Configure MAC address binding on the switch port
Code block:
Switch#config t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#interface Fa 0/5
Switch(config-if)#switchport mode access
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security mac-address 000A.F34C.8499
Switch(config-if)#exit
Switch(config)#exit
Switch#
%SYS-5-CONFIG_I: Configured from console by console
Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
---------------------------------------------------------------------------
      Fa0/5        1             1               0             Shutdown
---------------------------------------------------------------------------
Switch#show port-security address
          Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan    Mac Address       Type                Ports              Remaining Age
                                                                    (mins)
----    -----------       ----                -----              -------------
   1    000A.F34C.8499    SecureConfigured    FastEthernet0/5         -
-------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 1024
Switch#
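Verification. Connect computer A to port 5 of the switch with a network cable and ping the switch's IP address: the network works normally. Then connect computer B to port 5 of the switch in its place and ping the switch's IP address again: the network is unreachable.
Computer A, ping succeeds:
Computer B, ping fails:
Computer connections as shown in the figure: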
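To check the binding across many ports without reading the table by eye, the `show port-security` summary from step 3 can be parsed and audited. The following is an added example, not part of the original lab: the function names, the one-address-per-port policy, and the Fa0/6 and Fa0/7 rows are assumptions made for illustration.

```python
import re

# One data row of the `show port-security` summary table:
# port, MaxSecureAddr, CurrentAddr, SecurityViolation, Security Action
ROW = re.compile(r"^\s*([A-Za-z]+\d+(?:/\d+)+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\w+)\s*$")

# Fa0/5 is the row from the lab above; Fa0/6 and Fa0/7 are constructed samples.
SAMPLE = """\
Switch#show port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)         (Count)
---------------------------------------------------------------------------
      Fa0/5        1             1               0             Shutdown
      Fa0/6        1             1               1             Shutdown
      Fa0/7        5             2               0             Protect
---------------------------------------------------------------------------
"""

def parse_port_security(text):
    """Return one dict per secure port; headers, rules and prompts are skipped."""
    ports = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, max_addr, cur_addr, violations, action = m.groups()
            ports.append({"port": port, "max": int(max_addr), "current": int(cur_addr),
                          "violations": int(violations), "action": action})
    return ports

def audit(ports, max_allowed=1):
    """Return (port, code, note) findings. max_allowed=1 is this example's policy."""
    findings = []
    for p in ports:
        if p["violations"] > 0:
            findings.append((p["port"], "violation",
                             f"{p['violations']} violation(s), action {p['action']}"))
        if p["action"].lower() == "protect":
            findings.append((p["port"], "silent-drop",
                             "Protect drops frames without counting or logging"))
        if p["max"] > max_allowed:
            findings.append((p["port"], "max-too-high",
                             f"allows {p['max']} addresses, policy is {max_allowed}"))
    return findings

if __name__ == "__main__":
    for port, code, note in audit(parse_port_security(SAMPLE)):
        print(f"{port}: {code}: {note}")
```

The Fa0/5 row from the lab produces no findings; after computer B is plugged in, the violation counter for that port becomes non-zero and the port is reported.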