Tuesday 24 November 2009

Cisco port security, setting to one mac address.

We had to do this in a room that was to be used by members of the public. There was no way I was going to leave the room with live network sockets that would let any old piece of equipment connect, so with the help of port security I locked each socket to one PC.

Cisco3560(config)#int F0/1
Cisco3560(config-if)#switchport port-security violation protect
Cisco3560(config-if)#switchport port-security mac-address 00c0.0884.2358

The above commands set the single usable MAC address and the violation mode to protect, which silently drops frames from any other source MAC while leaving the port itself up; nothing is logged and the violation counter does not increase.

One last thing you must do is actually turn on port security on the port (the port has to be a static access port rather than one still negotiating trunking, or the switch will reject the command):

Cisco3560(config-if)#switchport port-security

You can then view the result from privileged EXEC (enable) mode:

Cisco3560#sh port-security


Secure Port  MaxSecureAddr  CurrentAddr  SecurityViolation  Security Action
                 (Count)       (Count)          (Count)
---------------------------------------------------------------------------
      Fa0/5              1            1                  0         Protect
     Fa0/22              1            1                  0         Protect
---------------------------------------------------------------------------
Total Addresses in System (excluding one mac per port)     : 0
Max Addresses limit in System (excluding one mac per port) : 6144



As you can see above, two ports are protected. Further information can be gleaned from

Cisco3560#sh port-security int f0/5


Port Security : Enabled
Port Status : Secure-up
Violation Mode : Protect
Aging Time : 0 mins
Aging Type : Absolute
SecureStatic Address Aging : Disabled
Maximum MAC Addresses : 1
Total MAC Addresses : 1
Configured MAC Addresses : 1
Sticky MAC Addresses : 0
Last Source Address:Vlan : 0000.0000.0000:0
Security Violation Count : 0





Remember to write the config ;)

In this setup, with violation protect, frames from the wrong equipment are simply dropped while the port stays up, and traffic flows again as soon as the correct equipment is plugged back in. Bear in mind that port security only checks the source MAC address, which anyone can change on their own machine, so it stops casual plugging-in rather than a determined attacker; for real port authentication you want 802.1X.

You can use "violation shutdown" to put the port into err-disabled state until you go into the switch and bring the interface down and back up to re-enable it,

or "violation restrict", which drops the offending frames like protect but also increments the violation counter and sends a syslog message and SNMP trap, so the network manager actually gets told.
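Pulling the commands above together, here is an added example (not from the original post) of a fragment you can paste in at the config prompt. It repeats the one-MAC lock from the post on one port and then shows the other two violation modes on two more ports, along with the global commands that make restrict mode send its trap and let shutdown mode recover on its own. The interface numbers, the second MAC address and the recovery interval are illustrative assumptions.

```cisco
! Added example, not from the original post. Interface numbers, the MAC on
! Fa0/3 and the 300 second recovery interval are assumptions for illustration.
!
! Global: let "violation restrict" actually reach the network manager, and let
! ports err-disabled by "violation shutdown" come back after 5 minutes
snmp-server enable traps port-security
errdisable recovery cause psecure-violation
errdisable recovery interval 300
!
! Port 1: exactly as in the post. Port security is refused on a dynamic (DTP)
! port, so the port is made a static access port first
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation protect
 switchport port-security mac-address 00c0.0884.2358
 switchport port-security
!
! Port 2: learn the first MAC seen and keep it (sticky); drop and alarm on others
interface FastEthernet0/2
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation restrict
 switchport port-security mac-address sticky
 switchport port-security
!
! Port 3: err-disable the port on any foreign MAC (recovered by the timer above)
interface FastEthernet0/3
 switchport mode access
 switchport port-security maximum 1
 switchport port-security violation shutdown
 switchport port-security mac-address 00c0.0884.2359
 switchport port-security
!
end
write memory
```

A sticky address is written into the running config as a normal `switchport port-security mac-address sticky <mac>` line once the switch has learned it, so it only survives a reload if you save afterwards. Protect mode keeps no record of attempts at all, so if you want to know that someone tried, restrict is the mode to pick.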

have fun

Rob
