Shulou(Shulou.com)06/01 Report--

Brief introduction:

The port setting of the switch is to pass a certain port of the switch and the MAC address of the computer connected below or the port of the switch.

Line binding, so that even if other computers are secretly connected to this port, it cannot be used. The advantage of the port binding of the switch is that it can limit which port a port can access and which port it cannot access, which increases security.

Related cases

Port binding

1.Mac+port binding (layer 2 and layer 3 devices)

Function: you can make the pc connected to this port not connect to other interfaces

[Quidway] mac-address static 000c-2937-1fecinterface Ethernet 0 Compact 2 vla 1

2.Arp (IP+mac) (layer 2 and layer 3 devices)

Function: can make the host of the mac always get the bound IP address. Users can only use this IP.

[Quidway] acl number 2000 [Quidway-acl-basic-2000] rule 10 permitsource 192.168.102.11 0 [Quidway-acl-basic-2000] rule 20 deny sourceany [Quidway] user-interface vty0 4 [Quidway-ui-vty0-4] acl 2000 inbound * * only 2000 tables are allowed to be remote [Quidway] ip http acl 2000 * * only 2000 tables are allowed web access to [Quidway] arp static 192.168.102.1124b6-fd45-c8c6 * * IP and mac bindings

3.Port+IP binding (enabled on layer 3 devices)

Function: devices or hosts connected to this port can only use the bound IP address.

[Quidway] am enable [Quidway-Ethernet0/1] am ip-pool192.168.102.1

Second, port isolation:

1. Switching at layer 2

[Quidway] interface eth0/2 [Quidway-Ethernet0/2] isolate Ethernet0/ 4 * * there is only one isolation group on the second layer, and there is no communication between the two.

two。 Implemented on layer 3 switch

[Quidway] am enable [Quidway] interface eth0/2 [Quidway-Ethernet0/2] am isolate Ethernet0/4 * * indicates the isolated port, which is also separated by * * the port is also isolated from this interface [Quidway-Ethernet0/2] int eth0/ 7 [Quidway-Ethernet0/7] am isolate Ethernet0/5 * * to establish another isolation group. There is no communication between the two groups within the isolation group, and between the isolation group and the isolation group.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.