Binding the MAC address and port of a switch: learning notes
Tutorial 1: binding the MAC address and port of a switch
1. Tutorial Purpose
(1) Understand the significance and function of MAC address binding on a layer 2 switch.
(2) Master how to bind a MAC address to a switch port.
2. Lab Device
Computer (> 1 unit), switch (1 unit), Console cable (1 unit), and twisted pair wires (> 1 unit)
3. Experiment content
Generally, a switch learns MAC addresses dynamically. Each port can learn multiple MAC addresses, and the switch uses them to forward traffic for known MAC addresses between ports. When a MAC address ages out, the switch broadcasts frames destined for it. In other words, a switch can forward frames for a MAC address once it has learned that address on an interface. If you move the connection to another interface, the switch learns the MAC address again and forwards the data on the new interface.
However, in some cases you need to bind the MAC address to the port for security and ease of management. The port then forwards only traffic from the MAC addresses bound to it. That is, once a MAC address and a port are bound, traffic from that MAC address can enter only through the bound port, and traffic from MAC addresses not bound to the port cannot enter through it.
Binding MAC addresses to ports effectively prevents access from unknown computers and prevents unauthorized use of switch ports.
Configuration command:
1. Enable port MAC address binding
Format (port configuration mode): switchport port-security
2. Port MAC address locking
A) Format (port configuration mode): switchport port-security lock
Explanation: Lock the port. When the port is locked, the MAC address learning function of the port is disabled.
B) Format (port configuration mode): switchport port-security convert
Explanation: Convert the dynamic secure MAC addresses learned on the port to static secure MAC addresses.
C) Format (port configuration mode): switchport port-security timeout <value>
Explanation: Enable the port lock timer function.
D) Format (port configuration mode): switchport port-security mac-address <mac-address>
Explanation: Add a static secure MAC address.
3. Configure MAC address binding attributes
A) Format (port configuration mode): switchport port-security maximum <value>
Explanation: Set the maximum number of secure MAC addresses for a switch port.
B) Format (port configuration mode): switchport port-security violation {protect | shutdown}
Explanation: Set how the port reacts when the port binding rule is violated. In protect mode, frames that violate the rule are simply discarded. In shutdown mode, the port is shut down.
Tutorial steps:
Figure 1: MAC Address binding Topology
1. Preparation and testing before the experiment: set the IP address of PC0 to 192.168.0.1 and the IP address of PC1 to 192.168.0.2. PC0 connects to port FastEthernet 0/1 and PC1 connects to port FastEthernet 0/2.
Run the ipconfig /all command on PC0 to obtain its MAC address: 00E0.A360.C454.
The MAC address of PC1 is 000D.BDAD.DACD.
Ping PC1 from PC0:
2. Configure MAC Address binding
Switch> enable
Switch# configure t
Switch(config)# interface f0/1
Switch(config-if)# switchport mode access    ! configure port f0/1 as access mode
Switch(config-if)# switchport port-security    ! enable the MAC address binding function
Switch(config-if)# switchport port-security mac-address 00E0.A360.C454    ! bind the static secure MAC address 00E0.A360.C454 to port f0/1
Switch(config-if)# switchport port-security violation protect    ! set binding violation handling to protect mode
Use the show port-security address command to display the binding result:
Test connection:
1. Ping PC1 from PC0:
The test result shows that PC0 can access PC1.
2. Replace the host on port f0/1 of the switch with PC2, whose MAC address is 0060.3E4D.02A2. Its IP address is configured to be the same as that of PC0: 192.168.0.1.
The connection diagram is as follows:
Ping PC1 from PC2:
The result indicates that PC2 cannot connect to the switch.
Summary: 1. Apply port security by manually binding the MAC address to the port.
2. Self-learning.
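
An added example, not part of the original notes: a short Python audit that reads running-config-style text and reports access ports where the binding described above is missing or incomplete. The sample configuration, the FastEthernet0/3 stanza and the function names are constructed for illustration, and only the commands listed in these notes are recognized.

```python
import re

# Constructed running-config-style sample (not from the notes); FastEthernet0/3 is made up.
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 00E0.A360.C454
 switchport port-security violation protect
interface FastEthernet0/2
 switchport mode access
interface FastEthernet0/3
 switchport mode access
 switchport port-security
"""
MAC_OK = re.compile(r"[0-9A-F]{4}\.[0-9A-F]{4}\.[0-9A-F]{4}").fullmatch

def parse_ports(config):
    """Map each interface stanza to its port-security settings."""
    ports, cur = {}, None
    for raw in config.splitlines():
        w = raw.split()
        if w[:1] == ["interface"] and len(w) > 1:
            cur = ports.setdefault("".join(w[1:]), {"access": False,
                "enabled": False, "macs": [], "violation": None})
        elif not raw[:1].isspace():
            cur = None  # "!" or a global command closes the stanza
        elif cur is not None and w[:3] == ["switchport", "mode", "access"]:
            cur["access"] = True
        elif cur is not None and w[:2] == ["switchport", "port-security"]:
            # Bare command enables the feature; otherwise w[2] is the sub-command.
            key, val = (w[2] if len(w) > 2 else "enabled"), " ".join(w[3:])
            if key == "mac-address":
                key, val = "macs", cur["macs"] + [val.upper()]
            cur[key] = val or True
    return ports

def audit(config):
    """Return (interface, finding) pairs for access-mode ports."""
    out = []
    for name, p in parse_ports(config).items():
        if p["access"] and not p["enabled"]:
            out.append((name, "port-security not enabled"))
        elif p["access"]:
            out += [(name, "malformed MAC " + m) for m in p["macs"] if not MAC_OK(m)]
            if not p["macs"]:
                out.append((name, "no static secure MAC bound"))
            if not p["violation"]:
                out.append((name, "violation mode not set explicitly"))
    return out
```

Call audit() on the saved configuration text; an empty list means every access port has port security enabled, a well-formed static MAC and an explicit violation mode.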