Detailed MAC Address Configuration in vro Configuration

Many people may not have a special understanding of the router configuration. So I have studied the detailed configuration of the MAC address in the router configuration. I will share it with you here, hoping it will be useful to you. There are three solutions available in Cisco. solution 1 and solution 2 provide the same functionality, that is, bind the MAC address Nic hardware address of the specific host to the specific switch port). solution 3 is to bind the MAC address Nic hardware address of the specific host to the specific switch port at the same time) and IP address.

1. solution 1-Port-based MAC Address binding

Take the Cisco 2950 vswitch as an example. log on to the vswitch, enter the management password to enter the vro configuration mode, and enter the command:
Ng = 1 cellPadding = 0 width = "80%" align = left bgColor = # cccccc border = 0> Switch # config terminal # enter the vro Configuration Mode
Switch (config) # Interface fastethernet 0/1 # enter the specific port router configuration mode
Switch (config-if) # Switchport port-secruity # vro Configuration port Security Mode
Switch (config-if) switchport port-security mac-address MAC # vro configures the MAC address of the host to which the port is bound
Switch (config-if) no switchport port-security mac-address MAC # Delete the MAC address of the bound host

Note: The preceding command sets a port on the vswitch to bind a specific MAC address so that only the host can use the network, if the NIC of the host is changed or another PC wants to use the network via this port, it will not be available unless the MAC address bound to the port is deleted or modified. Note: The above functions are applicable to Cisco 2950, 3550, 4500, and 6500 series switches.

2. solution 2-Expanded access list based on MAC address

Switch (config) Mac access-list extended MAC10
# Define a MAC address access control list and name it MAC10

Switch (config) permit host 0009.6bc4.d4bf any
# A host with the MAC address 0009.6bc4.d4bf can access any host

Switch (config) permit any host 0009.6bc4.d4bf
# Define that all hosts can access hosts whose MAC address is 0009.6bc4.d4bf

Switch (config) no mac access-list extended MAC10
# Clear the access list named MAC10

This function is the same as the application, but it is a port-based MAC Address Access Control List restriction that can limit the MAC address and target address range of a specific source. Note: The above functions can be implemented on Cisco 2950, 3550, 4500, and 6500 series switches, but note that 2950 and 3550 require the switch to run the Enhanced software Image Enhanced Image ).

3. scheme 3--mac Address binding of IP Address can only be used by combining application 1 or 2 with IP address-Based Access Control List to achieve IP-MAC binding function

Switch (config) Mac access-list extended MAC10
# Define a MAC address access control list and name it MAC10

Switch (config) permit host 0009.6bc4.d4bf any
# A host with the MAC address 0009.6bc4.d4bf can access any host

The Application 1 mentioned above is based on the binding of the host MAC address and the switch port. solution 2 is the access control list based on the MAC address. The functions of the first two solutions are roughly the same. If you want to bind an IP address to a MAC address, you can bind solution 1 or solution 2 to the IP address access control list as needed to achieve the desired effect. Note: The above functions can be implemented on Cisco 2950, 3550, 4500, and 6500 series switches, but note that 2950 and 3550 require the switch to run the Enhanced software Image Enhanced Image ).