![图片[1]-18.2 配置端口安全-大赛人网](https://www.dsrw.com/wp-content/uploads/2023/03/图片45-3-1024x578.png)
1.SW1配置
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 10
[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 10
2.G0/0/1配置端口安全,只能允许一台主机接入
[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port-security enable
[SW1-GigabitEthernet0/0/1]port-security max-mac-num 1
[SW1-GigabitEthernet0/0/1]port-security protect-action shutdown
3.PC1与PC3连通性测试
PC>ping 192.168.10.3
Ping 192.168.10.3: 32 data bytes, Press Ctrl_C to break
From 192.168.10.3: bytes=32 seq=1 ttl=128 time=32 ms
4.PC2与PC3连通性测试
PC>ping 192.168.10.3
Ping 192.168.10.3: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
5.G0/0/1端口恢复方法一:接口模式下开启端口
[SW1]display interface brief
GigabitEthernet0/0/1 *down down 0% 0% 0 0
[SW1-GigabitEthernet0/0/1]undo shutdown
SW1]display interface brief
GigabitEthernet0/0/1 up up 0% 0% 0 0
6.G0/0/1端口恢复方法二:全局模式配置自动恢复
[SW1]error-down auto-recovery cause auto-defend interval 30
7.端口保护模式三种
[SW1-GigabitEthernet0/0/1]port-security protect-action protect
//protect,接口将丢弃源MAC地址与MAC地址表不匹配的报文。
[SW1-GigabitEthernet0/0/1]port-security protect-action restrict
//restrict,接口将丢弃源地址在MAC表以外的报文,同时发出警告。
[SW1-GigabitEthernet0/0/1]port-security protect-action shutdown
//shutdown,接口将执行关闭端口。
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
请登录后查看评论内容