What is the command on a switch to protect an interface from untrusted devices?
Very briefly, we enter the interface and type the commands:
switchport mode access
switchport port-security mac-address sticky
Or, to reserve more than one MAC:
switchport port-security maximum 2
By configuring Switch Port Security on the access switch. There are three different types of secure MAC address:
•Static secure MAC addresses—This type of secure MAC address is statically configured on a switchport and is stored in an address table and in the running configuration.
•Dynamic secure MAC addresses—This type of secure MAC address is learned dynamically from the traffic that is sent through the switchport. These types of addresses are kept only in an address table and not in the running configuration.
•Sticky secure MAC addresses—This type of secure MAC address can be manually configured or dynamically learned. These types of addresses are kept in an address table and in the running configuration.
Then, after the mode, the action that the device takes when one of these violations occurs can be configured:
•Protect—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, no notification action is taken when traffic is dropped.
•Restrict—This mode permits traffic from known MAC addresses to continue to be forwarded while dropping traffic from unknown MAC addresses when over the allowed MAC address limit. When configured with this mode, a syslog message is logged, a Simple Network Management Protocol (SNMP) trap is sent, and a violation counter is incremented when traffic is dropped.
•Shutdown—This mode is the default violation mode; when in this mode, the switch will automatically force the switchport into an error disabled (err-disable) state when a violation occurs. While in this state, the switchport forwards no traffic. The switchport can be brought out of this error disabled state by issuing the errdisable recovery cause CLI command or by disabling and reenabling the switchport.
•Shutdown VLAN—This mode mimics the behavior of the shutdown mode but limits the error disabled state to the specific violating VLAN.
There is another method for restricting devices accessing a specific VLAN, which is called VACL ("VLAN access control list") or PACL ("Port access control list").
Restrict
Static secure MAC addresses
Shutdown
Dynamic secure MAC addresses
First, connect the devices to their ports, because at the moment the command is issued it will save the physical addresses on each port so as to allow them and block all others.
Use the following command:
switchport protected
This makes each port of the switch accept only the device connected to it at the moment the command is issued.
And thanks for the invitation.
This problem can be addressed by configuring port security on that particular interface, generally called a "sticky port", and restricting traffic on the basis of MAC address.
The most common ways: using MAC address filtering protection, or dot1x authentication.
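An added example, not part of any answer above: a small Python audit that reads Cisco IOS-style interface configuration and reports, per access port, whether port security is actually enabled, since the sticky and maximum sub-commands have no effect until the bare `switchport port-security` command is present. The sample config, the interface names and the function name `audit_port_security` are constructed for illustration; the fallback values (maximum 1, violation shutdown) are the IOS defaults.

```python
import re

# Constructed sample of a running-config excerpt (assumption, not from the page).
SAMPLE_CONFIG = """\
interface GigabitEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 2
 switchport port-security mac-address sticky
 switchport port-security violation restrict
!
interface GigabitEthernet0/2
 switchport mode access
 switchport port-security mac-address sticky
!
interface GigabitEthernet0/3
 switchport mode access
!
interface GigabitEthernet0/4
 switchport mode trunk
!
"""

def audit_port_security(config):
    """Return {interface: findings} for every access port in an IOS-style config."""
    report = {}
    # Split the text into one block per interface stanza.
    for block in re.split(r"(?m)^(?=interface )", config):
        lines = [l.strip() for l in block.splitlines()]
        if not lines or not lines[0].startswith("interface "):
            continue
        name = lines[0].split(None, 1)[1]
        if "switchport mode access" not in lines:
            continue  # trunks and routed ports are out of scope for this check
        ps = [l for l in lines if l.startswith("switchport port-security")]
        if not ps:
            report[name] = {"status": "unprotected"}
        elif "switchport port-security" not in ps:
            # Sub-options are present but the bare enabling command is missing.
            report[name] = {"status": "configured-but-not-enabled"}
        else:
            mx = next((int(l.split()[-1]) for l in ps if " maximum " in l), 1)
            mode = next((l.split()[-1] for l in ps if " violation " in l), "shutdown")
            report[name] = {"status": "enabled", "maximum": mx, "violation": mode,
                            "sticky": "switchport port-security mac-address sticky" in ps}
    return report
```

Feed it the interface section of `show running-config`; ports reported as `configured-but-not-enabled` or `unprotected` are the ones to review.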