27 Mar 2009

Switch Port Security

Switch(config)#interface fastethernet0/0

Switch(config-if)#switchport mode access

Switch(config-if)#switchport port-security-->The command enables port security on the interface. (it is disabled, by default).

Switch(config-if)#switchport port-security maximum value -->Specifies the maximum number of devices (secure MAC addresses) that can be associated with the interface. The default is 1 and the range is 1 to 132.

Switch(config-if)#switchport port-security mac-address MAC_address -->Statically defines a MAC address that is allowed on this interface. Additional secure MAC addresses can be added the same way, up to the configured maximum.

Switch(config-if)#switchport port-security violation shutdown -->Causes the switch to generate an alert and disable the interface. The only way to re-enable the interface is the no shutdown command. This is the default violation mode if you don't specify one.

Switch(config-if)#switchport port-security violation restrict -->Causes the switch to generate a security violation alert.

Switch(config-if)#switchport port-security violation protect -->When the number of secure addresses reaches the configured maximum, any additionally learned addresses are dropped. This applies only if you have enabled the sticky option, discussed in the next paragraph.

Switch(config-if)#switchport port-security mac-address sticky -->The sticky keyword lets the switch dynamically learn the MAC address(es) seen on the interface and convert these dynamic entries to static entries. The interface learns MAC addresses only up to the maximum configured for that interface. If you then save the configuration with copy running-config startup-config, the sticky-learned addresses appear as statically secure addresses after a reboot.

EXAMPLE :

switch(config)# interface fastethernet0/2

switch(config-if)# switchport mode access

switch(config-if)# switchport port-security

switch(config-if)# switchport port-security maximum 2

switch(config-if)# switchport port-security mac-address aaaa.1234.5de6

switch(config-if)# switchport port-security violation shutdown

switch(config-if)# switchport port-security mac-address sticky
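As an added example (not part of the original post), a small Python script that parses a constructed running-config excerpt built from the commands above and flags access ports that lack port security, allow more secure addresses than a chosen limit, or use a violation mode other than shutdown. The interface names and MAC address in the sample are constructed; the defaults of maximum 1 and violation shutdown follow the description above.

```python
import re

# Constructed sample running-config excerpt (not captured from a real switch).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address aaaa.1234.5de6
 switchport port-security violation shutdown
 switchport port-security mac-address sticky
!
interface FastEthernet0/2
 switchport mode access
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 50
 switchport port-security violation protect
"""

def parse_config(text):
    # One dict per interface stanza; IOS defaults are maximum 1 and violation shutdown.
    ports, cur = {}, None
    for line in text.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m:
            cur = ports.setdefault(m.group(1), {"access": False, "enabled": False,
                   "maximum": 1, "violation": "shutdown", "sticky": False, "static_macs": []})
            continue
        s = line.strip()
        if cur is None or not s.startswith("switchport"):
            continue
        if s == "switchport mode access": cur["access"] = True
        elif s == "switchport port-security": cur["enabled"] = True
        elif s.startswith("switchport port-security maximum "): cur["maximum"] = int(s.split()[-1])
        elif s.startswith("switchport port-security violation "): cur["violation"] = s.split()[-1]
        elif s == "switchport port-security mac-address sticky": cur["sticky"] = True
        elif s.startswith("switchport port-security mac-address "): cur["static_macs"].append(s.split()[-1])
    return ports

def audit(ports, max_allowed=2):
    # Flag access ports that would let an unauthorised device attach unnoticed.
    findings = {}
    for name, p in ports.items():
        issues = []
        if p["access"] and not p["enabled"]: issues.append("port-security not enabled")
        if p["enabled"] and p["maximum"] > max_allowed: issues.append(f"maximum {p['maximum']} exceeds {max_allowed}")
        if p["enabled"] and p["violation"] != "shutdown": issues.append(f"violation mode {p['violation']} is not shutdown")
        findings[name] = issues
    return findings
```

Running audit(parse_config(SAMPLE_CONFIG)) reports FastEthernet0/2 as unprotected and FastEthernet0/3 for its high maximum and protect mode, while FastEthernet0/1 passes.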

Port Security Verification

Switch#show port-security -->Displays security information for all interfaces

Switch#show port-security interface fastethernet 0/1 -->Displays security information for interface fastethernet 0/1

Switch#show port-security address -->Displays MAC address table security information

Switch#show mac address-table -->Displays the MAC address table
