wiki:site:cisco:port_security:start
This is an old revision of the document!
Port security
Static
Staticke adresy jsou ulozene v address-table a v running-configu (lze je tedy ulozit)
Switch(config)# interface fastethernet 0/0
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security mac-address [mac-address]
Dynamic
Dynamicke adresy si switch zjisti sam, adresy jsou ulozene jen v address-table, po restartu switche nebo spadnuti portu se vsak smazou
Switch(config)# interface fastethernet 0/0
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security
Sticky
To same jako Dynamic, jen jsou zaroven v running-configu, lze je tedy ulozit
Switch(config)# interface fastethernet 0/0
Switch(config-if)# switchport mode access
Switch(config-if)# switchport port-security maximum 50
Switch(config-if)# switchport port-security mac-address sticky
Switch# show port security interface fastethernet 0/0
Switch# show port security address
Jak se zbavit nechtenych MAC:
Switch# clear port-security sticky interface [port-number] access
Switch(config-if)# shutdown
Switch(config-if)# no shutdown
nebo
Switch(config-if)# no switchport port-security
Switch(config-if)# switchport port-security
nebo
Switch# reload
Switch# show port-security
Switch# show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Gi0/11 5 1 0 Restrict
Gi0/12 1 0 0 Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6176
Switch#
wiki/site/cisco/port_security/start.1516697417.txt.gz · Last modified: 2018/01/23 09:50 by root
