1、SW1基础配置
#
vlan 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
2、SW1接口g0/0/2开启端口安全
#
interface GigabitEthernet0/0/2
port-security enable
#
此时,PC2可以与PC1通信,PC3无法与PC1通信,原因是由于PC2和PC3上连交换机的接口开启了端口安全,默认情况下,交换机接口学习MAC地址限制数量为1个
3、SW1接口g0/0/2设置端口允许的最大MAC地址数
#
interface GigabitEthernet0/0/2
port-security max-mac-num 3
#
此时,PC1/PC2/PC3都可以正常通信了。
4、SW1接口g0/0/2接口开启Sticky MAC功能
#
interface GigabitEthernet0/0/2
port-security mac-address sticky
#
[SW]display mac-address sticky
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address VLAN/ PEVLAN CEVLAN Port Type LSP/LSR-ID
VSI/SI MAC-Tunnel
-------------------------------------------------------------------------------
5489-9896-07d2 10 - - GE0/0/2 sticky -
5489-9877-6335 10 - - GE0/0/2 sticky -
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
#手工添加mac方法:
int g0/0/2
port-security mac-addres sticky 1111-1111-1111 vlan 10
浙公网安备 33010602011771号