Cisco Switch Port Security: Difference between revisions
Thomas (talk | contributions)
| Zeile 77: | Zeile 77: | ||
Port Name Status Vlan Duplex Speed Type | Port Name Status Vlan Duplex Speed Type | ||
Fa1/0/5 err-disabled 10 auto auto 10/100BaseTX | Fa1/0/5 err-disabled 10 auto auto 10/100BaseTX | ||
| + | =Umstecken reaktivieren des Ports= | ||
| + | *switch-gelb#configure terminal | ||
| + | Enter configuration commands, one per line. End with CNTL/Z. | ||
| + | *switch-gelb(config)#interface Fa1/0/5 | ||
| + | *switch-gelb(config-if)#shutdown | ||
| + | *switch-gelb(config-if)#no shutdown | ||
| + | *switch-gelb(config-if)#do show interfaces FastEthernet1/0/5 status | ||
| + | |||
| + | Port Name Status Vlan Duplex Speed Type | ||
| + | Fa1/0/5 connected 10 a-full a-100 10/100BaseTX | ||
| + | =Anzeigen der Port Security= | ||
| + | *switch-gelb#show port-security | ||
| + | <pre> | ||
| + | Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action | ||
| + | (Count) (Count) (Count) | ||
| + | --------------------------------------------------------------------------- | ||
| + | Fa1/0/3 1 0 0 Shutdown | ||
| + | Fa1/0/5 1 1 0 Shutdown | ||
| + | --------------------------------------------------------------------------- | ||
| + | Total Addresses in System (excluding one mac per port) : 0 | ||
| + | Max Addresses limit in System (excluding one mac per port) : 6144 | ||
| + | </pre> | ||
=Links= | =Links= | ||
*http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html#wp1031380 | *http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_55_se/configuration/guide/3560_scg/swstpopt.html#wp1031380 | ||
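Review bot: the two output lines of `do show interfaces FastEthernet1/0/5 status` in the added "Umstecken reaktivieren des Ports" section sit outside any <pre> block, unlike the `show port-security` table added directly below, so the column layout collapses when the page is rendered; wrap them in <pre> as well. The new section also does not say which device must be connected before `shutdown` / `no shutdown` is issued, so a sentence stating that would make the "connected" result reproducible.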
Revision as of 2 February 2016, 11:34
Configuring PortFast
Here the command only serves to change the port's reaction time from 30 seconds to immediate. It should only be set this way on switches that serve end devices.
- switch-gelb(config)#spanning-tree portfast default
Plugging into port Fa1/0/5
- switch-gelb#show mac address-table
... 10 001c.25a1.aee4 DYNAMIC Fa1/0/5 ...
Configuring port security
- switch-gelb#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
- switch-gelb(config)#interface Fa1/0/5
- switch-gelb(config-if)#switchport port-security
Command rejected: FastEthernet1/0/5 is a dynamic port.
The port must be in access or trunk mode
- switch-gelb(config-if)#switchport mode access
- switch-gelb(config-if)#switchport port-security
- switch-gelb(config-if)#end
The type changes from dynamic to static
The address is now registered by port security
- switch-gelb#show mac address-table
... 10 001c.25a1.aee4 STATIC Fa1/0/5 ...
Specifying a fixed MAC address
- switch-gelb#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
- switch-gelb(config)#interface Fa1/0/5
- switch-gelb(config-if)#switchport port-security mac-address 0012.3456.789a
Total secure mac-addresses on interface FastEthernet1/0/5 has reached maximum limit.
This is because by default only 1 MAC address can be assigned per port, and this port has already registered the address learned above.
We switch to a different port
- switch-gelb#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
- switch-gelb(config)#interface Fa1/0/4
- switch-gelb(config-if)#switchport port-security mac-address 0012.3456.8888
Entry in the running config
- switch-gelb(config-if)#do show run int Fa1/0/4
Building configuration...
Current configuration : 139 bytes
!
interface FastEthernet1/0/4
 switchport access vlan 10
 switchport mode access
 switchport port-security mac-address 0012.3456.8888
end
Plugging in a different computer
- switch-gelb(config-if)#do show mac address-table
... 0001.2e34.b06a STATIC Fa1/0/5 ...
In its current state, this port allows exactly one arbitrary MAC address to communicate through it. It is not possible to connect a home-office switch with several devices behind it.
Setting sticky mode
The first MAC address that appears is registered.
- switch-gelb(config-if)#switchport port-security mac-address sticky
Then send a ping
- switch-gelb(config-if)#do show run int Fa1/0/5
Building configuration...
Current configuration : 217 bytes
!
interface FastEthernet1/0/5
 switchport access vlan 10
 switchport mode access
 switchport port-security
 switchport port-security mac-address sticky
 switchport port-security mac-address sticky 0001.2e34.b06a
end
Replugging and pinging - the port goes into the err-disabled state
- switch-gelb#show interfaces FastEthernet1/0/5 status
Port      Name    Status        Vlan  Duplex  Speed  Type
Fa1/0/5           err-disabled  10    auto    auto   10/100BaseTX
Replugging and reactivating the port
- switch-gelb#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
- switch-gelb(config)#interface Fa1/0/5
- switch-gelb(config-if)#shutdown
- switch-gelb(config-if)#no shutdown
- switch-gelb(config-if)#do show interfaces FastEthernet1/0/5 status
Port      Name    Status     Vlan  Duplex  Speed  Type
Fa1/0/5           connected  10    a-full  a-100  10/100BaseTX
Displaying port security
- switch-gelb#show port-security
Secure Port MaxSecureAddr CurrentAddr SecurityViolation Security Action
(Count) (Count) (Count)
---------------------------------------------------------------------------
Fa1/0/3 1 0 0 Shutdown
Fa1/0/5 1 1 0 Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port) : 0
Max Addresses limit in System (excluding one mac per port) : 6144
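To watch for the port states this walkthrough produces (a port whose single slot is taken, a port that has not learned an address yet, a port that has counted a violation), the `show port-security` table can be parsed by script. The following Python is an added example, not part of the original wiki page; the Fa1/0/7 row and the tag names `violation`, `full` and `empty` are constructed for illustration.

```python
import re

# Constructed sample in the layout of the `show port-security` output above.
# Fa1/0/3 and Fa1/0/5 repeat the page's rows; Fa1/0/7 is invented for the demo.
SAMPLE = """\
Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                (Count)       (Count)          (Count)
---------------------------------------------------------------------------
    Fa1/0/3              1            0                  0         Shutdown
    Fa1/0/5              1            1                  0         Shutdown
    Fa1/0/7              1            1                  1         Shutdown
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144
"""

# A data row is: port name, three integer counters, then the action word.
ROW = re.compile(r"^\s*(\S+)\s+(\d+)\s+(\d+)\s+(\d+)\s+(\w+)\s*$")


def parse_port_security(text):
    """Return one dict per secure-port row; headers and totals are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            port, max_addr, current, violations, action = m.groups()
            rows.append({"port": port, "max": int(max_addr),
                         "current": int(current),
                         "violations": int(violations), "action": action})
    return rows


def review(rows):
    """Map each port to the conditions an operator should look at."""
    report = {}
    for r in rows:
        tags = []
        if r["violations"] > 0:
            tags.append("violation")   # the violation counter is non-zero
        if r["current"] >= r["max"]:
            tags.append("full")        # any further MAC triggers the action
        if r["current"] == 0:
            tags.append("empty")       # first MAC to appear will be accepted
        report[r["port"]] = tags
    return report


if __name__ == "__main__":
    for port, tags in review(parse_port_security(SAMPLE)).items():
        print(port, ",".join(tags) or "ok")
```
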