Muhammad al-xorazmiy nomidagi toshkent axborot texnologiyalari universiteti qarshi filiali
switchport port-security violation restrict
Yüklə 483,4 Kb. Pdf görüntüsü
|
| switchport port-security violation restrict
– buzilishga javob berish rjimini ko`rsatish. Bunda, agar interfeysda uchinchi notanish MAC-manzil paydo bo`lsa, undan keluvchi barcha paketlar qabul qilinmaydi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi. switchport port-security violation shutdown - buzilish aniqlanganda interfeysni error-disabled holatiga o`tkazadi va o`chiradi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi. Ushbu holatdan chiqarish uchun shutdown va no shutdown buyruqlaridan foydalaniladi. Agar interfeysga switchport port-security violation protect buyrug`i kiritilgan bo`lsa, unda notanish MAC-manzil paketlari qabul qilinmaydi va xech qanday xabar yaratilmaydi, hamda port shutdown holatiga o`tmaydi. Ushbu usullardan switchport port-security violation restrict ko`pchilik hollarda tavsiya etiladi. − − switch (config) # interface ethernet 0/1 switch (config-if) # switchport port-security mac- address 0050.3e8d.6400 − − − − switch(config)# interface Fastethernet0/3 switch(config-if)# switchport mode access switch(config-if)# switchport port-security maximum 3 switch(config-if)# switchport port-security switch(config-if)# switchport port-security violation MAC-manzillar jadvalini tozalash Boshqa qurilmalar ulanishi uchun MAC-manzillar jadvalini tozalash: Port-security sozlanishlari haqidagi ma‟lumotlarni ko`rish Topshiriq − 2.4-rasmda keltirilgan tarmoq topologiyasini Cisco Packet Tracer dasturida tuzish talab qilinadi; − Har bir kompyuter uchun IP manzilni sozlang va MAC manzillarni 2.2- rasmda ko`rsatilgandek aniqlang; − Kommutatorning har bir portlariga xavfsizlik ko`rsatkichlarini sozlang; − 2.1-jadvalga yuqorida keltirilgan topshiriqlarni kiriting. 2.4-rasm. Tarmoq topologiyasi. 2.1-jadval Qurilma IP-manzil МАС-manzil Interfeys Port rejimlari Laptop0 192.168.1.1 00E0.F902.D683 Fa0 n/a Laptop1 192.168.1.2 000B.BE9B.EE4A Fa0 n/a switch# clear port-security [all|configured|dynamic|sticky] [address #clear port-security all switch #clear port-security configured switch #clear port-security dynamic switch #clear port- security sticky switch# show port-security switch# show port-security interface fa0/3 switch# show port-security address Laptop2 192.168.1.3 00D0.5819.04E3 Fa0 n/a Laptop3 192.168.1.4 0004.9AB9.DAC2 Fa0 n/a Laptop4 192.168.1.5 00D0.BAC2.8C58 Fa0 n/a Laptop5 192.168.1.6 0000.0C6E.01E0 Fa0 n/a SW1 N/A N/A Fa0/1 sticky SW1 N/A N/A Fa0/2 mac-address 00D0.5819.04E3 SW1 N/A N/A Fa0/3 violation protect SW1 N/A N/A Fa0/5-24 Shutdown SW2 N/A N/A Fa0/1 restrict SW2 N/A N/A Fa0/2 restrict SW2 N/A N/A Fa0/3 Protect SW2 N/A N/A Fa0/4 maximum 4 Ishni bajarish tartibi Switch>enable Switch#configure terminal Switch(config)#hostna me Sw1 Sw1(config)#interface fa0/1 Yüklə 483,4 Kb. Dostları ilə paylaş:
|