Switch port and MAC address binding

 

 

 

Laboratory equipment:

One switch, three hosts

Experimental procedure:

1. Enter the corresponding interface

(Example: binding a MAC address on port 1, with PC0 connected to port 1)

Switch>enable
Switch#config
Configuring from terminal, memory, or network [terminal]? 
Enter configuration commands, one per line.  End with CNTL/Z.
Switch(config)#
Switch(config)#interface fastEthernet 0/1 

2. Set the interface to access mode

Switch(config-if)#switchport mode access  

3. Enable port security

Switch(config-if)#switchport port-security 

(Check the ways a MAC address can be bound, namely static binding and sticky binding)

Switch(config-if)#switchport port-security mac-address ?
  H.H.H   48 bit mac address
  sticky  Configure dynamic secure addresses as sticky 

The first: dynamic configuration

 

The second: static configuration

(The last field of the command is the host's MAC address. To find it: click the host → Configuration → FastEthernet → MAC address.)

Switch(config-if)#switchport port-security mac-address 0001.C94E.1321  

After configuring, ping PC2 from host PC0. You can then view the result with the following command in privileged mode (Ctrl+Z quickly returns to privileged mode):

Switch#show port-security address

 

If PC0 is disconnected from port 1 and PC3 is connected to port 1 instead, a ping from PC3 to PC2 fails (illustrated as follows)

 

 

The third: sticky binding (same effect as static binding)

Switch(config-if)#switchport port-security mac-address sticky  

To re-open a port that port security has locked

Click the switch → Configuration → FastEthernet0/1 → click to turn the port on
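An added example (not from the original post): a small Python check that reads a switch configuration and reports, for each access port, whether port security is enabled and which of the three binding methods above is in effect. The sample configuration is constructed, and the function name and finding strings are assumptions of this example.

```python
import re
# Constructed sample running-config; only the Fa0/1 lines mirror the lab above.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0001.C94E.1321
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
!
interface FastEthernet0/4
 switchport mode access
 switchport port-security mac-address 0001.C94E.1321
"""

MAC_RE = re.compile(r"switchport port-security mac-address (sticky|(?:[0-9a-f]{4}\.){2}[0-9a-f]{4})", re.I)
def audit_port_security(config):
    """Return {interface: finding} for every access port in the config."""
    ports, current = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            current = ports.setdefault(raw.split(None, 1)[1], [])
        elif raw.startswith(" ") and current is not None:
            current.append(raw.strip())
        else:
            current = None  # '!' or a global command ends the interface block
    findings = {}
    for name, lines in ports.items():
        if "switchport mode access" not in lines:
            continue  # the procedure above targets access ports
        enabled = "switchport port-security" in lines  # the bare enable command
        bound = [m.group(1).lower() for m in map(MAC_RE.match, lines) if m]
        if not enabled:
            findings[name] = "port-security not enabled" + (" (binding inactive)" if bound else "")
        elif not bound:
            findings[name] = "dynamic only: no static or sticky binding"
        else:
            findings[name] = "ok: " + ("sticky" if bound[0] == "sticky" else "static " + bound[0])
    return findings

for port, finding in audit_port_security(SAMPLE_CONFIG).items():
    print(port, "->", finding)
```

The FastEthernet0/4 case is the one to watch for: a MAC address is configured, but without the bare `switchport port-security` command the binding is not enforced.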

Supplement:

1. View the secure addresses of the ports (in privileged mode)

Switch#show port-security address

2. Clear all secure MAC addresses locked to ports (in privileged mode)

Switch#clear port-security all

3. Applicable environment

     When a machine on the network is infected with a virus and floods the network with broadcast packets, the network administrator's only thought is to find the offending host as soon as possible and isolate it from the network temporarily.
When the network is laid out casually, so that any user can plug in a cable at any location and get access, most users are satisfied under normal circumstances, but when a network failure occurs it is difficult for administrators to locate the offending host quickly and accurately, let alone isolate it. Port-address binding ties a host to a port: only data frames sent by a particular host on a particular port are accepted by the switch and forwarded to the network, and if the host is moved elsewhere it cannot connect normally. This may seem harsh to some users, and it does not suit a campus where many employees use portable machines, but from a security management perspective it plays a crucial role.

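4. The purpose of setting the MAC address

     For security and ease of management, the MAC address needs to be bound to a port. That is, once a MAC address is bound to a port, traffic from that MAC address can only enter through the bound port and cannot enter through other ports. The port can still allow traffic from other MAC addresses to pass.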

 

 


Origin www.cnblogs.com/py2019/p/12061818.html