Configuring Switch Port Security

Lab 1: After the MAC is bound, changing the MAC address breaks normal communication
<Huawei>sys
[Huawei]port-group 1to3
[Huawei-port-group-1to3]
[Huawei-port-group-1to3]group-member Ethernet 0/0/1 to Ethernet 0/0/3
[Huawei-port-group-1to3]display this
#
port-group 1to3
group-member Ethernet0/0/1
group-member Ethernet0/0/2
group-member Ethernet0/0/3
#
return
[Huawei-port-group-1to3]port-security protect-action ?
protect Discard packets
restrict Discard packets and warning
shutdown Shutdown
[Huawei-port-group-1to3]port-security protect-action shutdown
[Huawei-port-group-1to3]undo port-security protect-action
[Huawei-port-group-1to3]port-security protect-action shutdown
[Huawei-port-group-1to3]quit
[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]port-security max-mac-num 1
[Huawei-Ethernet0/0/1]quit
[Huawei-port-group-1to3]port-security mac-address sticky
[Huawei-port-group-1to3]quit
PC1 can ping PC5.

Change the PC's MAC address from 73 to 72.


After changing the MAC address back to 73, the port must be re-enabled before it will come up.

[Huawei]interface Ethernet 0/0/1
[Huawei-Ethernet0/0/1]undo shutdown

Lab 2: Limiting the number of hosts
[Huawei-GigabitEthernet0/0/1]port-security enable
[Huawei-GigabitEthernet0/0/1]port-security max-mac-num 2
[Huawei-GigabitEthernet0/0/1]port-security protect-action protect
[Huawei-GigabitEthernet0/0/1]port-security mac-address sticky
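Add one more host and use PC7 to ping PC1.

PC7 cannot initiate communication.

However, communication initiated by PC1 works normally.

Even so, only two hosts are properly bound.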

Other
# Disable the information center
[Huawei]undo info-center enable
Lab 3: Binding a specified MAC address
[Huawei]interface Ethernet 0/0/3
[Huawei-Ethernet0/0/3]port-security enable
[Huawei-Ethernet0/0/3]port-security protect-action protect
[Huawei-Ethernet0/0/3]port-security mac-address sticky
[Huawei-Ethernet0/0/3]port-security mac-address sticky 5489-9886-2B0C vlan 1
[Huawei-Ethernet0/0/3]display this
#
interface Ethernet0/0/3
port-security enable
port-security protect-action protect
port-security mac-address sticky
#
Change PC7's MAC address.


Changing it back makes it work again.

# Clear the switch interface configuration
[LSW2]clear configuration interface Ethernet 0/0/4
Remember to save the switch configuration as well.
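
The three labs set the same few interface commands, so a saved configuration can be checked for them offline. The Python script below is an added example, not part of the original notes: it reads config text in the `#`-separated layout of the `display this` output above and reports, per interface, which port-security lines are absent. The sample text is constructed, the function names are hypothetical, and a missing `port-security enable` is treated as a gap on the assumption that the other port-security commands do not take effect without it.

```python
# Constructed sample in the layout of the page's `display this` output.
SAMPLE = """\
#
interface Ethernet0/0/1
 port-security max-mac-num 1
 port-security protect-action shutdown
 port-security mac-address sticky
#
interface Ethernet0/0/3
 port-security enable
 port-security protect-action protect
 port-security mac-address sticky
 port-security mac-address sticky 5489-9886-2B0C vlan 1
#
interface Ethernet0/0/4
#
"""

def parse_port_security(config):
    """Map each interface to its port-security arguments in VRP config text."""
    ports, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = ports.setdefault(line.split(None, 1)[1], [])
        elif line in ("#", "return"):
            current = None  # section separator: following lines belong to no interface
        elif current is not None and line.startswith("port-security "):
            current.append(line[len("port-security "):])
    return ports

def audit(config):
    """Return {interface: [findings]}; an empty list means no gap was found."""
    report = {}
    for name, opts in parse_port_security(config).items():
        findings = []
        if "enable" not in opts:
            findings.append("port-security enable missing")
        if not any(o.startswith("protect-action ") for o in opts):
            findings.append("protect-action not set explicitly")
        if "mac-address sticky" not in opts:
            findings.append("sticky learning off")
        report[name] = findings
    return report

if __name__ == "__main__":
    for name, findings in audit(SAMPLE).items():
        print(name, "OK" if not findings else "; ".join(findings))
```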