Analysis of switch port security examples

[Experiment name]
Port security configuration of the switch
[Experiment purpose]
Master the port security function of the switch and control the user's secure access
[Background description]
You are A network administrator for a company that requires strict control over the network. In order to prevent
IP address conflicts of users within the company and prevent network attacks and sabotage within the company. Each employee is assigned a fixed IP address,
and only company employee hosts are allowed to use the network, and they are not allowed to connect to other hosts at will. For example: the
IP address assigned to an employee is 172.16.1.55/24, the host MAC address is 00-06-1B-DE-13-B4, and the host is connected to a 2126G
.
[Requirement Analysis]
For all ports of the switch, configure the maximum number of connections to 1, and perform IP+MAC address
binding for the interface of the PC1 host.

[Experimental Principle]
The switch port security function refers to configuring the security attributes of the switch port to control the user's safe access. There are two main types of switch port security: one is to limit the maximum number of connections on the switch port, and the other is to bind the MAC address and IP address of the switch port.
Limiting the maximum number of connections on a switch port can control the number of hosts connected to the switch port and prevent users from malicious
ARP spoofing.
The address binding of the switch port can be flexibly bound for IP address, MAC address, and IP+MAC.
Can achieve strict control over users. Ensure users' safe access and prevent common intranet network attacks. Such as
ARP spoofing, IP, MAC address spoofing, IP address spoofing, etc.
After configuring the port security function of the switch, when the actual application exceeds the configuration requirements, a security violation will be generated.
There are three ways to handle security violations:
? protect When the number of safe addresses is full Afterwards, the secure port will drop packets with unknown addresses (not any of the secure
addresses for that port).
? restrict When a violation occurs, a Trap notification will be sent.
? shutdown When a violation occurs, the port will be closed and a Trap notification will be sent.
? When the port is closed due to a violation, use the command errdisable recovery in global configuration mode to recover the
interface from the error state.
[Experimental steps]
The first step: Configure the maximum connection limit of the switch port

The second step: Verify the maximum connection limit of the switch port

Step 3: Configure the MAC and IP address binding of the switch port

Step 4: View the address security binding configuration

Step 5: Configure the IP of the switch port

The above is the detailed content of Analysis of switch port security examples. For more information, please follow other related articles on the PHP Chinese website!