Two-layer Port-security experiment

2025-02-28 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Experiment 1: Port-security

1. Create VLAN 10 on SW1 and SW2, place R1-R4 in VLAN 10, and assign their IP addresses statically.

2. Shut down Fa0/24; configure Fa0/23 between the switches as an access port in VLAN 10.

3. Enable port-security on the Fa0/23 interface of SW2 and allow the interface to learn at most 3 MAC addresses. Observe the status of SW2 Fa0/23.

4. Test the three violation modes of port-security.

5. Test the three ways port-security learns MAC addresses.

6. Set the aging time of MAC addresses dynamically learned by port-security to 1 min.

When the experiment is complete, restore the configuration.

Configuration of R1

R1(config)# int f0/0

R1(config-if)# ip add 10.10.1.1 255.255.255.0

R1(config-if)# no sh

R1#sh int f0/0

FastEthernet0/0 is up, line protocol is up

Hardware is AmdFE, address is 0002.4b1e.efe0 (bia 0002.4b1e.efe0)

Configuration of R2

R2(config)# int f0/0

R2(config-if)# ip add 10.10.1.2 255.255.255.0

R2(config-if)# no sh

R2#sh int f0/0

FastEthernet0/0 is up, line protocol is up

Hardware is AmdFE, address is 0013.8046.8e40 (bia 0013.8046.8e40)

Configuration of R3

R3(config)# int f0/0

R3(config-if)# ip add 10.10.1.3 255.255.255.0

R3(config-if)# no sh

R3#sh int f0/0

FastEthernet0/0 is up, line protocol is up

Hardware is AmdFE, address is 000c.ce3a.b7e0 (bia 000c.ce3a.b7e0)

Configuration of R4

R4(config)# int e0/0

R4(config-if)# ip add 10.10.1.4 255.255.255.0

R4(config-if)# no sh

Configuration of SW1

SW1(config)# vlan 10

SW1(config)# int range f0/1 - 3

SW1(config-if-range)# switchport mode access

SW1(config-if-range)# switchport access vlan 10

Configuration of SW2

SW2(config)# vlan 10

SW2(config)# int range f0/4

SW2(config-if-range)# switchport mode access

SW2(config-if-range)# switchport access vlan 10

SW2(config)# interface fastethernet0/23

SW2(config-if)# switchport mode access

SW2(config-if)# switchport port-security

SW2(config-if)# switchport port-security maximum 3

SW2(config-if)# switchport port-security aging time 1 // set the aging time to 1 min

SW2(config-if)# switchport port-security aging type {absolute | inactivity} // default aging time 300s

SW2#sh port-security int f0/23

Port Security: Enabled

Port Status: Secure-shutdown

Violation Mode: Shutdown

Aging Time: 1 mins

Aging Type: Absolute

SecureStatic Address Aging: Disabled

Maximum MAC Addresses: 3

Total MAC Addresses: 2

Configured MAC Addresses: 2

Sticky MAC Addresses: 0

Last Source Address:Vlan: 0013.8046.8e40:10

Security Violation Count: 1

SW2(config-if)# switchport port-security mac-address sticky

SW2(config-if)# switchport port-security mac-address 0002.4b1e.efe0

SW2(config-if)# switchport port-security mac-address 0013.8046.8e40

*Mar 1 02:30:49.277: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/23, putting Fa0/23 in err-disable state

SW2#sh int f0/23 status err-disabled

Port Name Status Reason Err-disabled Vlans

Fa0/23 err-disabled psecure-violation

SW2(config-if)# switchport port-security violation restrict

// Change the violation mode to restrict: the interface is not shut down, a log message is generated, and excess frames are discarded.

SW2(config-if)# sh

SW2(config-if)# no sh

*Mar 1 02:16:28.422: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0002.4b1e.efe0 on port FastEthernet0/23.

SW2(config-if)# switchport port-security violation protect

// Change the violation mode to protect: the interface is not shut down, and excess frames are discarded.

SW2(config-if)# sh

SW2(config-if)# no sh
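
The two log messages produced in this lab (PSECURE_VIOLATION and ERR_DISABLE) are what a syslog collector would see from the switch. The following added example, which is not part of the original article, tallies violations per port and MAC address and lists ports that port-security has err-disabled. The sample log lines are constructed in the formats shown above, and the names short_port and summarize are hypothetical.

```python
import re
from collections import defaultdict

# Constructed sample syslog: the two port-security message formats from this lab
# plus one unrelated line. Timestamps and event order are made up.
SAMPLE_LOG = """\
*Mar 1 02:16:28.422: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0002.4b1e.efe0 on port FastEthernet0/23.
*Mar 1 02:16:29.101: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 0002.4b1e.efe0 on port FastEthernet0/23.
*Mar 1 02:17:03.950: %PORT_SECURITY-2-PSECURE_VIOLATION: Security violation occurred, caused by MAC address 000c.ce3a.b7e0 on port FastEthernet0/23.
*Mar 1 02:30:49.277: %PM-4-ERR_DISABLE: psecure-violation error detected on Fa0/23, putting Fa0/23 in err-disable state
*Mar 1 02:30:50.280: %LINK-3-UPDOWN: Interface FastEthernet0/23, changed state to down
"""

VIOLATION = re.compile(
    r"%PORT_SECURITY-2-PSECURE_VIOLATION: .*?MAC address "
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}) on port (?P<port>\S+?)\.?$",
    re.IGNORECASE)
ERRDISABLE = re.compile(
    r"%PM-4-ERR_DISABLE: psecure-violation error detected on (?P<port>\S+?),")

def short_port(name):
    """Normalise 'FastEthernet0/23' to 'Fa0/23' so both messages key the same port."""
    m = re.match(r"([A-Za-z]+)([\d/]+)$", name)
    return name if not m else m.group(1)[:2].capitalize() + m.group(2)

def summarize(log_text):
    """Return (violation count per (port, mac), ports err-disabled by port-security)."""
    violations = defaultdict(int)
    errdisabled = set()
    for line in log_text.splitlines():
        line = line.strip()
        if m := VIOLATION.search(line):
            violations[(short_port(m["port"]), m["mac"].lower())] += 1
        elif m := ERRDISABLE.search(line):
            errdisabled.add(short_port(m["port"]))
    return dict(violations), errdisabled

if __name__ == "__main__":
    counts, down = summarize(SAMPLE_LOG)
    for (port, mac), n in sorted(counts.items()):
        print(f"{port}: {n} violation(s) from {mac}")
    for port in sorted(down):
        print(f"{port}: err-disabled (psecure-violation); recover with sh / no sh")
```

In protect mode the lab shows no log message, so a port running in that mode will not appear in this summary.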
