This shows you the differences between two versions of the page.
wiki:site:cisco:port_security:start [2016/01/18 22:14] root created |
wiki:site:cisco:port_security:start [2018/01/23 09:57] (current) root |
||
---|---|---|---|
Line 22: | Line 22: | ||
>Switch# **show port security address** | >Switch# **show port security address** | ||
- | == Jak se zbavit nechtenych MAC: == | + | === Jak se zbavit nechtenych MAC: === |
>Switch# **clear port-security sticky interface** [// | >Switch# **clear port-security sticky interface** [// | ||
+ | nebo | ||
+ | >Switch# **clear port-security dynamic [address** // | ||
+ | |||
> | > | ||
> | > | ||
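Review bot: The unchanged first line of this hunk spells the command `show port security address` without the hyphen, while every other command on the page, including the added `clear port-security dynamic` line, uses `port-security`; the IOS command is `show port-security address`, so correct it while this section is being edited. In the added `clear port-security dynamic [address` line the opening bracket of the optional argument sits inside the bold span, unlike the sticky line above it where the bracket follows the closing `**`; make the two lines consistent. A bare "nebo" between the two clear commands also reads as if they were interchangeable, so add one sentence saying which learned addresses each command removes.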
Line 32: | Line 35: | ||
nebo | nebo | ||
>Switch# **reload** | >Switch# **reload** | ||
+ | |||
+ | === Nastavení události při zjištění nepovolené MAC: === | ||
+ | * Switch(config-if)# | ||
+ | |||
+ | * **shutdown** - port okamžitě přejde do // | ||
+ | * **restrict** - port zůstane up, rámce s nepovolenou MAC jsou zahazovány a počítá je counter, může být odeslána SNMP/Syslog zpráva | ||
+ | * **protect** - port zůstane up, nepovolené rámce jsou zahazovány, | ||
+ | |||
+ | Příklad Syslog zprávy: | ||
+ | < | ||
+ | Jun 3 17: | ||
+ | occurred, caused by MAC address 0000.5e00.0101 on port GigabitEthernet0/ | ||
+ | </ | ||
+ | |||
+ | Příklad Syslog zprávy v režimu security violation **shutdown**: | ||
+ | < | ||
+ | Jun 3 17: | ||
+ | Gi0/11, putting Gi0/11 in err-disable state | ||
+ | Jun 3 17: | ||
+ | occurred, caused by MAC address 0003.a089.efc5 on port GigabitEthernet0/ | ||
+ | Jun 3 17: | ||
+ | Ethernet0/ | ||
+ | Jun 3 17: | ||
+ | state to down | ||
+ | </ | ||
+ | |||
+ | === Show příkazy: === | ||
+ | Switch# **show port-security interface gigabitethernet 0/11** | ||
+ | < | ||
+ | Switch# show port-security interface gigabitethernet 0/11 | ||
+ | Port Security | ||
+ | Port Status | ||
+ | Violation Mode : Shutdown | ||
+ | Aging Time : 0 mins | ||
+ | Aging Type : Absolute | ||
+ | SecureStatic Address Aging : Disabled | ||
+ | Maximum MAC Addresses | ||
+ | Total MAC Addresses | ||
+ | Configured MAC Addresses | ||
+ | Sticky MAC Addresses | ||
+ | Last Source Address | ||
+ | Security Violation Count : 1 | ||
+ | Switch# | ||
+ | </ | ||
+ | |||
+ | Switch# **show interfaces status err-disabled** | ||
+ | < | ||
+ | Switch# show interfaces status err-disabled | ||
+ | Port | ||
+ | Gi0/ | ||
+ | Switch# | ||
+ | TIP | ||
+ | When a port is moved to the errdisable state, you must either manually cycle it | ||
+ | or configure the switch to automatically re-enable ports after a prescribed delay. | ||
+ | To manually cycle a port and return it to service, use the following commands: | ||
+ | Switch(config)# | ||
+ | Switch(config-if)# | ||
+ | Switch(config-if)# | ||
+ | </ | ||
+ | |||
+ | Switch# **show port-security** | ||
+ | < | ||
+ | Switch# show port-security | ||
+ | Secure Port MaxSecureAddr | ||
+ | (Count) | ||
+ | --------------------------------------------------------------------------- | ||
+ | | ||
+ | | ||
+ | --------------------------------------------------------------------------- | ||
+ | Total Addresses in System (excluding one mac per port) : 0 | ||
+ | Max Addresses limit in System (excluding one mac per port) : 6176 | ||
+ | Switch# | ||
+ | </ | ||
+ |
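Review bot: The English TIP paragraph in the `show interfaces status err-disabled` block is pasted inside the output block, between the `Switch#` prompt and the closing tag, so it reads as if the switch printed it; move it out into its own paragraph in the page's language. The TIP also says the switch can be configured to re-enable ports automatically but lists only the manual cycle; either add the `errdisable recovery cause psecure-violation` and `errdisable recovery interval` commands or drop that clause. The first Syslog example carries no violation mode in its caption while the second is captioned **shutdown**; name the mode that produced the first one so readers can match each message to the mode list above when writing log alerts.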