交换机配置端口安全

1、CCNA (640-802) CCNA 200-120 Catalyst交换机默认配置IP地址：0.0.0.0CDP:启动10/100端口：自动协商生成树协议：启用控制台密码：没有端口状态：开启以太网通道：配置配置查看命令端口命名规则Show running-configShow spanning-treeShow vlanShow ip interface brief交换机配置IP地址、子网掩码和默认网关Switch(config)#interface vlan 1Switch(config-if)#ip address ip地址 子网掩码Switch(config-if)#no shutd

2、ownSwitch(config)#ip default-gateway 192.168.1.1Vlan 1 和 interface vlan 1的区别双工模式和速率半双工 (CSMA/CD)单向数据流产生冲突率高Hub连接全双工点到点的连接要求两端设备同时配置为全双工避免冲突 设置双工模式Catalyst 2950wg_sw_2950(config)#interface fe0/1wg_sw_2950(config-if)#duplex auto | full | halfShowing Duplex OptionsSwitch#show interfaces fastethernet0/3

3、FastEthernet0/3 is up, line protocol is down Hardware is Fast Ethernet, address is 0000.0000.0003 (bia 0000.0000.0003) MTU 1500 bytes, BW 100000 Kbit, DLY 100 usec, reliability 255/255, txload 1/255, rxload 1/255 Encapsulation ARPA, loopback not set Keepalive set (10 sec) Half-duplex, 10Mb/s input f

4、low-control is off, output flow-control is off ARP type: ARPA, ARP Timeout 04:00:00 Last input never, output never, output hang never Last clearing of show interface counters never Queueing strategy: fifo Output queue 0/40, 0 drops; input queue 0/75, 0 drops 5 minute input rate 0 bits/sec, 0 packets

5、/sec 5 minute output rate 0 bits/sec, 0 packets/sec 0 packets input, 0 bytes, 0 no buffer Received 0 broadcasts, 0 runts, 0 giants, 0 throttles 0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored 0 input packets with dribble condition detected 0 packets output, 0 bytes, 0 underruns 0 output errors,

6、 0 collisions, 2 interface resets 0 babbles, 0 late collision, 0 deferred 0 lost carrier, 0 no carrier 0 output buffer failures, 0 output buffers swapped out配置PortfastPortfast命令能使端口直接进入转发状态Switch(config-if)spanning-tree portfast管理MAC地址表Catalyst 2950wg_sw_2950#show mac-address-tableDynamic Address Co

7、unt: 1Secure Address Count: 0Static Address (User-defined) Count: 0System Self Address Count: 25Total MAC addresses: 26Maximum MAC addresses: 8192Non-static Address Table:Destination Address Address Type VLAN Destination Port- - - -0050.0f02.3372 Dynamic 1 FastEthernet0/2设置静态MAC 地址wg_sw_2950(config)

8、#mac-address-table staticmac_addr vlan vlan_id interface int1 int2 . int15Catalyst 2950 only限制静态MAC地址wg_sw_2950#mac-address-table secure 0003.3333.3333 fa 0/1 vlan 1 wg_sw_2950#show mac-address-tableDynamic Address Count: 1Secure Address Count: 1Static Address (User-defined) Count: 1System Self Addr

9、ess Count: 25Total MAC addresses: 28Maximum MAC addresses: 8192Non-static Address Table:Destination Address Address Type VLAN Destination Port- - - -0050.0f02.3372 Dynamic 1 FastEthernet0/20003.3333.3333 Secure 1 FastEthernet0/1Static Address Table:Destination Address VLAN Input Port Output Ports- -

10、 - -2222.2222.2222 1 ALL Fa0/1wg_sw_2950(config)#mac-address-table secure hw-addr interface vlan vlan-id配置Port SecurityCatalyst 2950wg_sw_2950(config-if)#port security max-mac-count countwg_sw_2950(config)#interface fa0/1wg_sw_2950(config-if)#port securitywg_sw_2950(config-if)#port security max-mac-count 10在交换机上验证 Port Security wg_sw_2950#show mac-address-table securewg_sw_2950#show port-security wg_sw_2950#show mac-address-table secure Non-static Address Table:Destination Address Address Type VLAN Destination Port- - - -0003.3333.3333 Secure 1 FastEthernet0/