Cisco WS-C2960G-8TC-L Konfigurasi - Halaman 20

Jelajahi secara online atau unduh pdf Konfigurasi untuk Router Jaringan Cisco WS-C2960G-8TC-L. Cisco WS-C2960G-8TC-L 30 halaman. Swtich configuration
Juga untuk Cisco WS-C2960G-8TC-L: Spesifikasi (2 halaman)

Halaman Cetak

376

Chapter 12: Initial Switch Conﬁguration

switch(config-if)# switchport port-security

switch(config-if)# switchport port-security maximum value

switch(config-if)# switchport port-security violation

switch(config-if)# switchport port-security mac-address MAC_address

switch(config-if)# switchport port-security mac-address sticky

Be familiar with conﬁguring

port security with the switchport

port-security commands (enabling it,

First, you must enter the appropriate interface where you want to set up restricted

security. The first command, switchport mode access, defines the interface

as a host (access) port instead of a trunk port (trunking is explained in Chapter 13).

The second command places the access port in a specific VLAN (also discussed

Set the maximum to

1 address for an interface to prevent

spooﬁng of MAC addresses: only one

MAC address is learned.

The fifth command on the interface specifies what should occur if a security

violation occurs—the MAC address is seen connected to a different port. Three

options are possible:

protect When the number of secure addresses reaches the maximum

■

number allowed, any additionally learned addresses will be dropped. This

applies only if you have enabled the sticky option, discussed in the next

paragraph.

restrict Causes the switch to generate a security violation alert.

■

shutdown Causes the switch to generate an alert and to disable the

■

interface. The only way to re-enable the interface is to use the no shutdown

command. This is the default violation mode if you don't specify the mode.

protect|restrict|shutdown

limiting the MAC addresses, violation mode,

and sticky learning).

in Chapter 13). The third command on the

interface, switchport port-security,

enables port security (it is disabled, by default).

The fourth command, switchport port-

security maximum, specifies the maximum

number of devices that can be associated with

the interface. This defaults to 1 and can range

from 1 to 132.