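On Cisco switches there are three schemes to choose from. Scheme 1 and Scheme 2 achieve the same function: binding the MAC address (NIC hardware address) of a specific host to a specific switch port. Scheme 3 binds both the MAC address (NIC hardware address) and the IP address of a specific host to a specific switch port.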
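1. Scheme 1: port-based MAC address binding
Taking the Cisco 2950 switch as an example: log in to the switch, enter the management password to get into configuration mode, and type the following commands:
Switch#config terminal
# Enter configuration mode
Switch(config)# interface fastethernet 0/1
# Enter configuration mode for the specific port
Switch(config-if)# switchport port-security
# Configure port security mode on the port
Switch(config-if)# switchport port-security mac-address MAC (the host's MAC address)
# Configure the MAC address of the host to bind to this port
Switch(config-if)# no switchport port-security mac-address MAC (the host's MAC address)
# Remove the bound host MAC address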
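Note:
The commands above bind one specific MAC address to a port on the switch, so that only this host can use the network. If the host's network card is replaced, or another PC tries to use the network through this port, the network will be unavailable until the MAC address bound to the port is deleted or changed.
Note:
The above function applies to Cisco 2950, 3550, 4500 and 6500 series switches.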
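2. Scheme 2: extended access list based on MAC addresses
Switch(config)# mac access-list extended MAC10
# Define a MAC address access control list and name it MAC10
Switch(config-ext-macl)# permit host 0009.6bc4.d4bf any
# Allow the host with MAC address 0009.6bc4.d4bf to access any host
Switch(config-ext-macl)# permit any host 0009.6bc4.d4bf
# Allow all hosts to access the host with MAC address 0009.6bc4.d4bf
Switch(config-ext-macl)# interface Fa0/20
# Enter configuration mode for the specific port
Switch(config-if)# mac access-group MAC10 in
# Apply the access list named MAC10 on this port (i.e. the access policy we defined above)
Switch(config)# no mac access-list extended MAC10
# Remove the access list named MAC10
This function is largely the same as application 1, but it is a MAC address access control list restriction applied on a port, and it can restrict specific source MAC addresses and destination address ranges.
Note:
The above function can be implemented on Cisco 2950, 3550, 4500 and 6500 series switches, but note that the 2950 and 3550 require the switch to run the enhanced software image (Enhanced Image).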
3. Scheme 3: binding an IP address to a MAC address
IP-MAC binding can only be achieved by combining application 1 or 2 with an IP-based access control list.
Switch(config)# mac access-list extended MAC10
# Define a MAC address access control list and name it MAC10
Switch(config-ext-macl)# permit host 0009.6bc4.d4bf any
# Allow the host with MAC address 0009.6bc4.d4bf to access any host
Switch(config-ext-macl)# permit any host 0009.6bc4.d4bf
# Allow all hosts to access the host with MAC address 0009.6bc4.d4bf
Switch(config-ext-macl)# ip access-list extended IP10
# Define an IP address access control list and name it IP10
Switch(config-ext-nacl)# permit ip 192.168.0.1 0.0.0.0 any
# Allow the host with IP address 192.168.0.1 to access any host
Switch(config-ext-nacl)# permit ip any 192.168.0.1 0.0.0.0
# Allow all hosts to access the host with IP address 192.168.0.1
Switch(config-ext-nacl)# interface Fa0/20
# Enter configuration mode for the specific port
Switch(config-if)# mac access-group MAC10 in
# Apply the access list named MAC10 on this port (i.e. the access policy we defined above)
Switch(config-if)# ip access-group IP10 in
# Apply the access list named IP10 on this port (i.e. the access policy we defined above)
Switch(config)# no mac access-list extended MAC10
# Remove the access list named MAC10
Switch(config)# no ip access-list extended IP10
# Remove the access list named IP10
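Application 1 mentioned above is the binding of a host MAC address to a switch port, and Scheme 2 is an access control list based on MAC addresses; the first two schemes achieve largely the same function. If you need to bind IP and MAC addresses, this can only be done according to Scheme 3: depending on your needs, combine Scheme 1 or Scheme 2 with an IP access control list to get the effect you want.
Note: The above function can be implemented on Cisco 2950, 3550, 4500 and 6500 series switches, but note that the 2950 and 3550 require the switch to run the enhanced software image (Enhanced Image).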
Follow-up: Copied? It doesn't feel practical; a lot of the commands are wrong.
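A check for the Scheme 3 pairing described in the answer above, as an added example that is not part of the original answer or follow-up: it parses a running-config excerpt and flags ports that lack the inbound MAC or IP access-group, or that reference an ACL that is never defined. The function name, the sample configuration, interfaces Fa0/21 and Fa0/22 and the ACL name IP99 are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not from a real switch). Fa0/20 follows
# Scheme 3; Fa0/21 has only the MAC ACL; Fa0/22 references an undefined IP ACL.
SAMPLE_CONFIG = """\
mac access-list extended MAC10
 permit host 0009.6bc4.d4bf any
 permit any host 0009.6bc4.d4bf
ip access-list extended IP10
 permit ip host 192.168.0.1 any
 permit ip any host 192.168.0.1
interface FastEthernet0/20
 mac access-group MAC10 in
 ip access-group IP10 in
interface FastEthernet0/21
 mac access-group MAC10 in
interface FastEthernet0/22
 mac access-group MAC10 in
 ip access-group IP99 in
"""

def audit_ip_mac_binding(config):
    """Return {interface: [problems]} for ports lacking a full IP+MAC binding."""
    defined = {"mac": set(), "ip": set()}   # ACL names defined in the config
    applied, current = {}, None             # interface -> {"mac": name, "ip": name}
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"(mac|ip) access-list extended (\S+)$", line, re.I):
            defined[m[1].lower()].add(m[2])
            current = None                  # left interface context
        elif m := re.match(r"interface (\S+)$", line, re.I):
            current = m[1]
            applied[current] = {}
        elif (m := re.match(r"(mac|ip) access-group (\S+) in$", line, re.I)) and current:
            applied[current][m[1].lower()] = m[2]
    findings = {}
    for port, acls in applied.items():
        problems = []
        for kind in ("mac", "ip"):          # Scheme 3 needs both ACL types inbound
            if kind not in acls:
                problems.append(f"no inbound {kind} access-group")
            elif acls[kind] not in defined[kind]:
                problems.append(f"{kind} ACL {acls[kind]} is not defined")
        if problems:
            findings[port] = problems
    return findings

if __name__ == "__main__":
    for port, problems in audit_ip_mac_binding(SAMPLE_CONFIG).items():
        print(port, "->", "; ".join(problems))
```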