(神州数码)静态mac地址与端口的绑定
 
实验目的
 
         了解交换机的mac地址与端口的绑定
          配置mac地址与端口的静态绑定方式
 
实验设备<?xml:namespace prefix = o ns = "urn:schemas-microsoft-com:office:office" />

 

 DCS二层交换机
 
 
实验步骤:
switch(Config)#int vlan 1                        

 

switch(Config-If-Vlan1)#ip add 192.168.1.55 255.255.255.0   

 

switch(Config-If-Vlan1)#no shutdown                    

 

switch(Config-If-Vlan1)#exit                   

 

switch(Config)#int ethernet 0/0/1                       

 

switch(Config-Ethernet0/0/1)#switchport port-security mac-address 00-13-20-D9-66
-DB                                     //配置该端口与主机的mac地址进行绑定

 

switch(Config-Ethernet0/0/1)#exit 
 
验证配置:

 

使用命令show port-securityshow port-security address查看配置安全端口状态

switch#show port-security
<?xml:namespace prefix = st1 ns = "urn:schemas-microsoft-com:office:smarttags" />Security Port    MaxSecurityAddr     CurrentAddr       Security Action
                    (count)               (count)
--------------------------------------------------------------------------------
----
 Ethernet0/0/1             1                  1                  Protect
--------------------------------------------------------------------------------
---
Max Addresses limit per port :128
Total Addresses in System :1
switch#
 
//该信息显示此接口所绑定主机数量的最大数以及已经被绑定的主机数量。
 
 
switch#show port-security address
Security Mac Address Table
----------------------------------------------------------------------------
Vlan    Mac Address                     Type                    Ports
 1      00-13-20-d9-66-db               SecurityConfigured      Ethernet0/0/1
----------------------------------------------------------------------------
Total Addresses in System :1
Max Addresses limit in System :128
 
//显示接口所绑定的mac地址
 
有时候为了更好的使用交换机的接口不仅仅只绑定一个mac地址,交换机上的接口可以绑定多个mac地址同时也可以限制mac地址的最大数量
 

具体操作步骤:

 

switch(Config-Ethernet0/0/1)#switchport port-security maximum 4
                                      //对接口设置mac地址的最大数量限制

 

switch(Config-Ethernet0/0/1)#switchport port-security mac-address aa-aa-aa-11-11-11
                                 
switch(Config-Ethernet0/0/1)#switchport port-security mac-address aa-aa-aa-22-22-22
                          
switch(Config-Ethernet0/0/1)#switchport port-security mac-address aa-aa-aa-33-33-33                                
                                     //配置端口和mac地址之间的绑定
 
 
 

 

验证配置:
switch#show port-security
Security Port    MaxSecurityAddr     CurrentAddr       Security Action
                    (count)               (count)
--------------------------------------------------------------------------------
----
 Ethernet0/0/1             4                  4                  Protect
--------------------------------------------------------------------------------
---
Max Addresses limit per port :128
Total Addresses in System :4
switch#
 
switch#sh port-security address
Security Mac Address Table
----------------------------------------------------------------------------
Vlan    Mac Address                     Type                    Ports
 1      00-13-20-d9-66-db               SecurityConfigured      Ethernet0/0/1
 1      aa-aa-aa-11-11-11               SecurityConfigured      Ethernet0/0/1
 1      aa-aa-aa-22-22-22               SecurityConfigured      Ethernet0/0/1
 1      aa-aa-aa-33-33-33               SecurityConfigured      Ethernet0/0/1
----------------------------------------------------------------------------
Total Addresses in System :4
Max Addresses limit in System :128
switch#
//端口所绑定mac地址