port-security

Initial setup

iosv-0 and iosv-1 are .1 and .2 in 10.1.1.0/24, respectively.

port-security (I got stuck on this)


SW1(config)#int gi0/0
SW1(config-if)#switchport mode access 
SW1(config-if)#switchport port-security
SW1(config-if)#switchport port-security mac-address sticky
SW1(config-if)#switchport port-security aging time 30
SW1(config-if)#end
*Jul 11 12:54:11.939: %SYS-5-CONFIG_I: Configured from console by console
SW1#sh port-security
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Gi0/0              1            1                  0         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 4096

SW1#sh port-security interface gi0/0
Port Security              : Enabled
Port Status                : Secure-up
Violation Mode             : Shutdown
Aging Time                 : 30 mins
Aging Type                 : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses      : 1
Total MAC Addresses        : 1
Configured MAC Addresses   : 0
Sticky MAC Addresses       : 1
Last Source Address:Vlan   : 5254.0019.693c:1
Security Violation Count   : 0

Port security is not enabled unless you enter (config-if)#switchport port-security.
(config-if)#switchport port-security mac-address sticky alone is not enough.
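
A check for the pitfall noted above, as an added example that is not part of the original post: it scans running-config text for interfaces that carry `switchport port-security ...` sub-commands but lack the bare `switchport port-security` line that actually enables the feature. The sample config, function names and state labels are constructed for illustration.

```python
import re

# Constructed sample running-config (not from the original page): Gi0/0 mirrors
# the page's working setup, Gi0/1 has only the sticky sub-command.
SAMPLE_CONFIG = """\
interface GigabitEthernet0/0
 switchport mode access
 switchport port-security mac-address sticky
 switchport port-security aging time 30
 switchport port-security
!
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/2
 switchport mode access
!
"""

def parse_interfaces(config):
    """Return {interface name: [sub-command lines]} from running-config text."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = []
        elif current and line.startswith(" "):
            blocks[current].append(line.strip())
        else:
            current = None  # "!" or a global command ends the block
    return blocks

def audit_port_security(config):
    """Classify each interface as enabled, inactive (options only) or none."""
    result = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport port-security" in cmds:
            result[name] = "enabled"
        elif any(c.startswith("switchport port-security ") for c in cmds):
            result[name] = "inactive"  # options present, feature never turned on
        else:
            result[name] = "none"
    return result

if __name__ == "__main__":
    for port, state in audit_port_security(SAMPLE_CONFIG).items():
        print(port, state)
```
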

iosv-0(config)#int gi0/0
iosv-0(config-if)#mac-address 1.2.3

SW1#sh run | sec switchport
 switchport mode access
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 5254.0019.693c
 switchport port-security aging time 30
 switchport port-security
SW1#sh int gi0/0 status

Port      Name               Status       Vlan       Duplex  Speed Type 
Gi0/0                        err-disabled 1            auto   auto RJ45

Changing the MAC address puts the port into err-disabled.

SW1(config)#int gi0/0
SW1(config-if)#shut
SW1(config-if)#
*Jul 11 13:23:58.143: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
SW1(config-if)#no shut
SW1(config-if)#
*Jul 11 13:24:04.093: %LINK-3-UPDOWN: Interface GigabitEthernet0/0, changed state to up
*Jul 11 13:24:05.093: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to up
SW1(config-if)#end
SW1#sh int gi
*Jul 11 13:24:07.355: %SYS-5-CONFIG_I: Configured from console by console
SW1#sh int gi0/0 status

Port      Name               Status       Vlan       Duplex  Speed Type
Gi0/0                        connected    1          a-full   auto RJ45

Shutting the port down and then bringing it back up restores it.
