Shulou(Shulou.com)06/01 Report--

[Name of experiment]

Port Security Configuration for Switches

[Objective]

Master the port security function of the switch and control the user's safe access

Background Description

You are a network administrator for a company that requires strict control over the network. In order to prevent internal users from

IP address conflict, prevent internal network *** and sabotage behavior. Each employee is assigned a fixed IP address,

And limit only allow company employees host can use the network, not free to connect to other hosts. For example, an employee assigned

The IP address is 172.16.1.55/24, the MAC address of the host is 00-06-1B-DE-13-B4, and the host is connected to a 2126G.

Up there.

[Demand Analysis]

For all ports of the switch, configure the maximum number of connections to 1, and perform IP+MAC ground for the interface of the PC1 host.

Address binding.

[Experimental topology]

[Preparatory Knowledge]

Basic router configuration knowledge, port security knowledge

[Experimental Equipment]

1 exchange

PC 1

1 directly-connected network cable

[Experimental Principle]

The switch port security function refers to the configuration of security attributes for the switch port to control the user's security.

Full access. There are two main types of switch port security: one is to limit the maximum number of connections to the switch port, and the other is for the intersection.

The MAC address and IP address are bound to the switch port.

Limiting the maximum number of connections to a switch port controls the number of hosts attached to a switch port and prevents malicious actions by users.

ARP spoofing.

Address binding of switch port, flexible binding for IP address, MAC address, IP+MAC.

Strict control over users can be achieved. Secure user access and prevent common intranet ***. as

ARP spoofing, IP, MAC address spoofing, IP address ***, etc.

After configuring the port security function of the switch, when the actual application exceeds the configured requirements, a security violation will be generated.

There are three ways to deal with safety violations:

When the number of secure addresses is full, the secure port will discard unknown addresses (not the security of the port).

address).

When a violation occurs, a Trap notification is sent.

When a violation occurs, the port is closed and a Trap notification is sent.

When a port is closed due to a violation, use the command errdisable recovery in global configuration mode to

The interface recovers from an error state.

[Experimental procedures]

Step 1 Configure the maximum number of connections for switch ports

Step 2 Verify the maximum connections limit for the switch port

Step 3 Configure MAC and IP address binding for switch ports

Configure address bindings for switch ports.

Step 4 View address security binding configuration

Step 5 Configure IP address bindings for switch ports.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.