switch port security

by 북한산산적 2012. 1. 8.

Switch security
No. 1


No. 2


Switch#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#int
Switch(config-vlan)#int ra
Switch(config-vlan)#int ran
Switch(config-vlan)#exit
Switch(config)#int
Switch(config)#interface ran
Switch(config)#interface range fa0/1 - fa0/3
Switch(config-if-range)#swi
Switch(config-if-range)#switchport mode acc
Switch(config-if-range)#switchport mode access

Switch(config-if-range)#spanning-tree portfast
%Warning: portfast should only be enabled on ports connected to a single
 host. Connecting hubs, concentrators, switches, bridges, etc... to this
 interface  when portfast is enabled, can cause temporary bridging loops.
 Use with CAUTION

%Portfast will be configured in 3 interfaces due to the range command
 but will only have effect when the interfaces are in a non-trunking mode.
Switch(config-if-range)#

With PortFast enabled, the port does not go through the listening and learning states.

It changes directly to the forwarding state.


Switch(config)#int fa0/2
Switch(config-if)#swi
Switch(config-if)#switchport port
Switch(config-if)#switchport port-security ?
  mac-address  Secure mac address
  maximum      Max secure addresses
  violation    Security violation mode
  <cr>
Switch(config-if)#switchport port-security
Switch(config-if)#switchport port-security maximum 1
Switch(config-if)#switchport port-security mac-address AAAA.AAAA.BBBB

Switch(config-if-range)#switchport acc
Switch(config-if-range)#switchport access vla
Switch(config-if-range)#switchport access vlan 10


Switch(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky

Switch(config-if)#switchport port-security violation restrict
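
A check for the result of the session above, as an added example that is not part of the original post: it reads a saved running-config and reports the effective port-security state of each access port, including the case where an option such as the violation mode is set but the bare "switchport port-security" command was never entered. The function names and the sample config are constructed for illustration.

```python
import re

PREFIX = "switchport port-security"
# Constructed sample config (not from the post); Fa0/2 mirrors the session above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation restrict
 switchport port-security mac-address AAAA.AAAA.BBBB
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security violation restrict
!
"""

def parse_interfaces(config):
    """Split a running-config into {interface name: [stanza lines]}."""
    stanzas, current = {}, None
    for line in config.splitlines():
        m = re.match(r"interface (\S+)", line)
        if m or not line.startswith(" "):  # new stanza, "!" or a global command
            current = stanzas.setdefault(m.group(1), []) if m else None
        elif current is not None:
            current.append(line.strip())
    return stanzas

def audit_port_security(config):
    """Return the effective port-security settings of each static access port."""
    report = {}
    for name, lines in parse_interfaces(config).items():
        if "switchport mode access" not in lines:
            continue
        opts = [l[len(PREFIX):].split() for l in lines if l.startswith(PREFIX)]
        report[name] = {
            # Only the bare command turns the feature on; options alone do not.
            "enabled": [] in opts,
            # IOS defaults when the option is absent: maximum 1, violation shutdown.
            "maximum": next((int(o[1]) for o in opts if o[:1] == ["maximum"]), 1),
            "violation": next((o[1] for o in opts if o[:1] == ["violation"]), "shutdown"),
            "macs": [o[1].lower() for o in opts if o[:1] == ["mac-address"] and o[1] != "sticky"],
        }
    return report

if __name__ == "__main__":
    print(audit_port_security(SAMPLE_CONFIG))
```

On the sample, only FastEthernet0/2 comes back as enabled; FastEthernet0/3 shows violation mode restrict but is not enforcing anything.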