Computer network configuration: security configuration of the switch

1. The purpose of the experiment

  1. Understand how the switch works
  2. Master the port security configuration of the switch

2. Experimental tasks

The experiment requirements are as follows:

  1. Set the management address of switch S1, configure ports Fa0/1~Fa0/12 of switch S1 to use dynamic secure MAC addresses, set the maximum number of MAC entries to 10, and set the security violation mode to shutdown;
  2. Connect PC1 to Fa0/1;
  3. Configure port Fa0/24 to use a static secure MAC address, set the maximum number of MAC entries to 1, set the security violation mode to restrict, and bind the MAC address of PC3 to Fa0/24;
  4. Disable all other unused ports;
  5. Try connecting PC1 to port Fa0/24 and PC3 to port Fa0/1, check what prompts and behaviour appear on the switch, and explain why this happens;
  6. Then connect PC1 and PC3 to ports Fa0/2 and Fa0/3, and check whether there is an error message;
  7. Save the running configuration of switch S;
  8. Then enable ports Fa0/13~Fa0/23 with sticky secure MAC addresses, set the maximum number of MAC entries to 1, and set the security violation mode to protect;
  9. Then save the running configuration as the startup configuration;
  10. Then connect PC2 to Fa0/16;
  11. Now move PC3 to port Fa0/16 and PC2 to port Fa0/24, and check what happens.

3. Introduction to the experimental principle

  1. Security configuration modes of the switch
  • Static secure MAC address: configured manually with the switchport port-security mac-address <mac-address> command. The configured MAC address is stored in the MAC address table and is also written to the switch's configuration file, so it remains in effect after a restart.
  • Dynamic secure MAC address: the MAC address is learned dynamically and stored only in the current MAC address table. The learned secure MAC addresses are cleared when the switch restarts.
  • Sticky secure MAC address: the port learns secure MAC addresses dynamically and then saves the learned addresses to the running configuration, so they remain in effect after a restart once the configuration is saved.
  • Violation mode command: switchport port-security violation {protect | shutdown | restrict}

Explanation: the meaning of "switchport port-security violation {protect | shutdown | restrict}" is as follows.

protect: When a new computer is connected and the number of MAC entries on the interface exceeds the maximum, the new computer cannot access the network; the original computers are not affected.

shutdown: When a new computer is connected and the number of MAC entries on the interface exceeds the maximum, the interface is shut down (placed in the err-disabled state). Neither the new computer nor the original computers can access the network, and the administrator must bring the interface back up with the no shutdown command.

restrict: When a new computer is connected and the number of MAC entries on the interface exceeds the maximum, the new computer can be connected and the switch sends a warning message.

4. Design code (or schematic diagram), simulation waveform and analysis

PC1's MAC address and IP address:

PC2's MAC address and IP address:

PC3's MAC address and IP address:

The network topology when PC1 is connected to F0/1 and PC3 is connected to F0/24:

Test PC1 and PC3 to ping each other:

The network topology when PC1 is connected to F0/24 and PC3 is connected to F0/1:

Test PC1 and PC3 to ping each other:

The result displayed by the switch:

The network topology when PC1 is connected to F0/2 and PC3 is connected to F0/3:

Test PC1 and PC3 to ping each other:

The network topology when PC1 is connected to F0/2, PC3 is connected to F0/3, and PC2 is connected to F0/16:

Test the ping between PC1 and PC3 and PC2:

The network topology when PC1 is connected to F0/2, PC3 is connected to F0/16, and PC2 is connected to F0/24:

Test the ping between PC1 and PC3 and PC2:

The overall configuration of the switch is as follows:

Configure the dynamic MAC address part
Configure static MAC address, bind mac address, close the part that does not use ports
Overall port configuration
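The configuration below is an added worked example that implements tasks 1 to 4 and 7 to 9 of this experiment end to end on Cisco IOS syntax; it is not the configuration captured in the original report's screenshots. The management address (192.168.1.1/24 on VLAN 1) and the MAC address bound to Fa0/24 (0000.0000.0003) are assumed placeholder values; replace the latter with the address actually read from PC3 (ipconfig /all). Lines beginning with "!" are comments.

```cisco
! Added example: full port-security configuration for this experiment.
! Management IP and PC3's MAC address are assumed placeholders.
Switch>enable
Switch#configure terminal
Switch(config)#hostname S1
! Task 1: management address of S1 (assumed 192.168.1.1/24 on VLAN 1)
S1(config)#interface vlan 1
S1(config-if)#ip address 192.168.1.1 255.255.255.0
S1(config-if)#no shutdown
S1(config-if)#exit
! Task 1: Fa0/1-12, dynamic secure MAC, at most 10 entries, violation mode shutdown
S1(config)#interface range fastEthernet 0/1-12
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security maximum 10
S1(config-if-range)#switchport port-security violation shutdown
S1(config-if-range)#exit
! Task 3: Fa0/24, one static secure MAC bound to PC3, violation mode restrict
! (0000.0000.0003 is a placeholder for PC3's real MAC address)
S1(config)#interface fastEthernet 0/24
S1(config-if)#switchport mode access
S1(config-if)#switchport port-security
S1(config-if)#switchport port-security maximum 1
S1(config-if)#switchport port-security violation restrict
S1(config-if)#switchport port-security mac-address 0000.0000.0003
S1(config-if)#exit
! Task 4: administratively disable the unused ports
S1(config)#interface range fastEthernet 0/13-23
S1(config-if-range)#shutdown
S1(config-if-range)#end
! Task 7: save the running configuration
S1#copy running-config startup-config
! Task 8: re-enable Fa0/13-23 with sticky secure MAC, one entry, violation mode protect
S1#configure terminal
S1(config)#interface range fastEthernet 0/13-23
S1(config-if-range)#no shutdown
S1(config-if-range)#switchport mode access
S1(config-if-range)#switchport port-security
S1(config-if-range)#switchport port-security maximum 1
S1(config-if-range)#switchport port-security mac-address sticky
S1(config-if-range)#switchport port-security violation protect
S1(config-if-range)#end
! Task 9: save again so the sticky addresses learned later survive a restart
S1#copy running-config startup-config
! Verification: per-port status, violation counters, and the secure address table
S1#show port-security
S1#show port-security interface fastEthernet 0/24
S1#show port-security address
! Recovering a port that the shutdown mode placed in err-disabled state (task 5)
S1#configure terminal
S1(config)#interface fastEthernet 0/1
S1(config-if)#shutdown
S1(config-if)#no shutdown
S1(config-if)#end
```

When checking task 5, the SecurityViolation column of show port-security and the Last Source Address field of show port-security interface identify which port tripped and which MAC address caused it; a port in shutdown mode shows a status of Secure-shutdown until it is bounced with shutdown / no shutdown. Note that sticky addresses are written into the running configuration as they are learned, so the copy after task 8 must be repeated after PC2 is connected in task 10 if those bindings are meant to persist.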

5. Experimental conclusions and experience

Supplement the configuration code of the sticky secure MAC address:

Switch>en
Switch#conf t
! Re-enable the previously disabled range Fa0/13-23
Switch(config)#int rang fa0/13-23
Switch(config-if-range)#no shutdown

! Access mode is required before port security can be enabled
Switch(config-if-range)#swi mode acc
Switch(config-if-range)#swi port-security
Switch(config-if-range)#swi port-security maximum 1
! Learn one MAC address dynamically and keep it in the running configuration
Switch(config-if-range)#swi port-security mac sticky
Switch(config-if-range)#end

! Check the status and secure address counts of each port
Switch#sh port-security


Origin blog.csdn.net/XZ_ROU/article/details/112962212