wiki.lkaplan.cz

User Tools

Site Tools

Trace:
wiki:site:cisco:port_security:start

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision 		Previous revision
wiki:site:cisco:port_security:start [2018/01/23 09:50]
root 		wiki:site:cisco:port_security:start [2018/01/23 09:57] (current)
root
Line 22: Line 22:
 >Switch# **show port security address** >Switch# **show port security address**
  
-== Jak se zbavit nechtenych MAC: ==+=== Jak se zbavit nechtenych MAC: ===
  
 >Switch# **clear port-security sticky interface** [//port-number//] **access** >Switch# **clear port-security sticky interface** [//port-number//] **access**
 +nebo
 +>Switch# **clear port-security dynamic [address** //mac-addr// **| interface** //type mod/num//**]**
 +
 >Switch(config-if)# **shutdown** >Switch(config-if)# **shutdown**
 >Switch(config-if)# **no shutdown** >Switch(config-if)# **no shutdown**
Line 33: Line 36:
 >Switch# **reload** >Switch# **reload**
  
->Switch# **show port-security**+=== Nastavení události při zjištění nepovolené MAC: === 
 +  * Switch(config-if)# **switchport port-security violation {shutdown | restrict | protect}** 
 + 
 +  * **shutdown** - port okamžitě přejde do //Errdisable// stavu, nahozen musí být ručně nebo pomocí Errdisable recovery 
 +  * **restrict** - port zůstane up, rámce s nepovolenou MAC jsou zahazovány a počítá je counter, může být odeslána SNMP/Syslog zpráva 
 +  * **protect** - port zůstane up, nepovolené rámce jsou zahazovány, nic se nezaznamenává 
 + 
 +Příklad Syslog zprávy: 
 +<code> 
 +Jun  3 17:18:41.888 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation 
 +  occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/11. 
 +</code> 
 + 
 +Příklad Syslog zprávy v režimu security violation **shutdown**: 
 +<code> 
 +Jun  3 17:14:19.018 EDT: %PM-4-ERR_DISABLE: psecure-violation error detected on 
 +  Gi0/11, putting Gi0/11 in err-disable state 
 +Jun  3 17:14:19.022 EDT: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation 
 +  occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/11. 
 +Jun  3 17:14:20.022 EDT: %LINEPROTO-5-UPDOWN: Line protocol on Interface Gigabit 
 +  Ethernet0/11, changed state to down 
 +Jun  3 17:14:21.023 EDT: %LINK-3-UPDOWN: Interface GigabitEthernet0/11, changed 
 +  state   to down 
 +</code> 
 + 
 +=== Show příkazy: === 
 +Switch# **show port-security interface gigabitethernet 0/11** 
 +<code> 
 +Switch# show port-security interface gigabitethernet 0/11 
 +Port Security                : Enabled 
 +Port Status                  : Secure-shutdown 
 +Violation Mode               : Shutdown 
 +Aging Time                   : 0 mins 
 +Aging Type                   : Absolute 
 +SecureStatic Address Aging   : Disabled 
 +Maximum MAC Addresses        : 1 
 +Total MAC Addresses          : 0 
 +Configured MAC Addresses     : 0 
 +Sticky MAC Addresses         : 0 
 +Last Source Address          : 0003.a089.efc5 
 +Security Violation Count     : 1 
 +Switch# 
 +</code> 
 + 
 +Switch# **show interfaces status err-disabled** 
 +<code> 
 +Switch# show interfaces status err-disabled 
 +Port       Name                 Status       Reason 
 +Gi0/11    Test port            err-disabled psecure-violation 
 +Switch# 
 +TIP 
 +When a port is moved to the errdisable state, you must either manually cycle it 
 +or configure the switch to automatically re-enable ports after a prescribed delay. 
 +To manually cycle a port and return it to service, use the following commands: 
 +Switch(config)# interface Gi 0/11 
 +Switch(config-if)# shutdown 
 +Switch(config-if)# no shutdown 
 +</code> 
 + 
 +Switch# **show port-security**
 <code> <code>
 Switch# show port-security Switch# show port-security
wiki/site/cisco/port_security/start.1516697417.txt.gz · Last modified: 2018/01/23 09:50 by root

Page Tools

Donate Powered by PHP Valid HTML5 Valid CSS Driven by DokuWiki