Looking for a part-time job ? Click here to post your CV
Control port-access based on MAC addresses. To configure it:
Control port-access based on MAC addresses. To configure it:
–Enable
port-security on an interface “switchport port-security”
–Specify
the maximum number of MAC addresses that will be allowed “switchport port-security
maximum mac-address-number
(1-1024). By default port-security will make sure that only one MAC
address will be allowed access on each switchport.
–You
can specify MAC addresses for a switchport statically or dynamically – the switch will learn the mac addresses for the
host connected to a switchport (up to the maximum
configured); learned mac addresses can be
aged out if the hosts are silent for a period of time (by default no aging). If
after the maximum number a new host connect to that switchport, the port will go to
errdisabled
•switchport port-security maximum
2
•Switchport port-security mac-address xxxx.xxxx.xxxx
•Swtichport port-security mac-address sticky
–Define
how the interface will react in case of port-security violation:
•“switchport port-security
violation {shutdown | restrict | protect}
•Shutdown:
put port in errdisabled stated (either
re-enable manually or through err-disable recovery)
•Restrict:
the port is allowed to stay up, but all packets from violating MAC address are
dropped. (send snmp trap or syslog)
•Protect:
Port is allowed to stay up, although packets from violating addresses are
dropped. No record of violation is kept
No comments:
Post a Comment