Shulou(Shulou.com)05/31 Report--

The content of this article mainly focuses on the example analysis of the port security of the switch. the content of the article is clear and clear, which is very suitable for beginners to learn and is worth reading. Interested friends can follow the editor to read together. I hope you can get something through this article!

[name of experiment]

Port security configuration of the switch

[purpose of the experiment]

Master the port security function of the switch and control the secure access of users

[background description]

You are the network administrator of a company, and the company requires strict control of the network. In order to prevent internal users of the company

IP address conflicts to prevent network and sabotage within the company. Each employee is assigned a fixed IP address

And the restriction only allows the company employee host to use the network, not to connect to other hosts at will. For example: assigned by an employee

The IP address is 172.16.1.55 IP 24, the host MAC address is 00-06-1B-DE-13-B4, and the host is connected to a 2126G.

Up there.

[demand Analysis]

Configure a maximum number of connections of 1 for all ports of the switch and IP+MAC for the interface of the PC1 host

Address binding.

[experimental principle]

The switch port security function refers to the configuration of security attributes for the port of the switch, so as to control the security of users.

Full access. There are two main types of switch port security: one is to limit the maximum number of connections to the switch port, and the other is for traffic.

The exchange port binds MAC address and IP address.

Limiting the maximum number of connections to the switch port can control the number of hosts connected under the switch port and prevent users from maliciously

ARP deception.

The address binding of the switch port can be flexibly bound for IP address, MAC address and IP+MAC.

Strict control of users can be achieved. Ensure the secure access of users and prevent the common intranet network. Such as

ARP spoofing, IP, MAC address spoofing, IP address * *, etc.

After configuring the port security function of the switch, when the actual application exceeds the requirements of the configuration, a security violation will occur.

There are three ways to deal with safety violations:

? Protect when the number of secure addresses is full, the secure port will discard unknown addresses (not the security of the port

Any one of the addresses).

? Restrict sends a Trap notification when a violation occurs.

? Shutdown when a violation occurs, the port is closed and an Trap notification is sent.

? When the port is shut down because of an violation, use the command errdisable recovery in global configuration mode to set the

The interface recovers from the error state.

[experimental steps]

Step 1: configure the maximum number of connections for the switch port

Step 2: verify the maximum number of connections for the switch port

Step 3: configure the MAC of the switch port to bind to the IP address

Step 4: view the address security binding configuration

Step 5: configure the IP of the switch port

Thank you for your reading. I believe you have some understanding of the "port security case analysis of the switch". Go and practice it. If you want to know more about it, you can follow the website! The editor will continue to bring you better articles!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.