一,
二,MAC地址绑定
3550-1#conf t
3550-1(config)#int f0/1
3550-1(config-if)#switchport mode access /指定端口模式。
3550-1(config-if)#switchport port-security mac-address 0090.F510.79C1 /配置MAC地址。
3550-1(config-if)#switchport port-security maximum 1 /限制此端口允许通过的MAC地址数为1。
3550-1(config-if)#switchport port-security violation shutdown(protect(不转发不报警)/restrict(不转发报警)) /当发现与上述配置不符时,端口down或者拒绝收发。
三.MAC地址过滤
3550-1(config)#mac-address-table static 0090.F510.79C1 vlan 2 drop /在相应的Vlan丢弃流量。
3550-1(config)#mac-address-table static 0090.F510.79C1 vlan 2 int f0/1 /在相应的接口丢弃流量。
四.清除安全的MAC地址
Switch(config-if)#switchport port-security maximum 1
Maximum is less than number of currently secured mac-addresses.//报错
可以清除
Switch#clear port-security ?
all Clear all secure MAC addresses
configured Clear all configured secure MAC addresses
dynamic Clear all secure MAC address auto-learned by hardware
sticky Clear all secure MAC address either auto-learned or configured
清除mac-address-table
clear mac-address-table dynamic
Switch#show mac-address-table
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
1 0001.42dd.8aee DYNAMIC Fa0/3
1 0050.0f99.ce16 DYNAMIC Fa0/2
1 0060.3e47.29da STATIC Fa0/1
五.查看安全保护的MAC地址
Switch#show port-security int f0/1
Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins (0表示禁止老化)
Aging Type : Absolute(absolute:从上一次学习到算起,inactivity:从上一次收到来自该mac地址的包算起)
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 0
Sticky MAC Addresses : 1
Last Source Address:Vlan : 00D0.BAD0.4703:1
Security Violation Count : 0
Switch# show port-security address
Secure Mac Address Table
-------------------------------------------------------------------------------
Vlan Mac Address Type Ports Remaining Age
(mins)
---- ----------- ---- ----- -------------
1 0060.3E47.29DA SecureSticky FastEthernet0/1 -
------------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 102