端口安全基本配置

1.top图

2.交换机配置

复制代码
交换机swa
<SWA> system-view
[SWA] vlan batch 10 20


[SWA] interface GigabitEthernet0/0/1
[SWA-GigabitEthernet0/0/1] port link-type trunk
[SWA-GigabitEthernet0/0/1] port trunk allow-pass vlan 10


[SWA] interface GigabitEthernet0/0/2
[SWA-GigabitEthernet0/0/2] port link-type trunk
[SWA-GigabitEthernet0/0/2] port trunk allow-pass vlan 20

交换机swb
<SWB> system-view
[SWB] vlan 10
[SWB-vlan10] quit
[SWB] interface GigabitEthernet0/0/1   
[SWB-GigabitEthernet0/0/1] port link-type access
[SWB-GigabitEthernet0/0/1] port default vlan 10
[SWB] interface GigabitEthernet0/0/2    
[SWB-GigabitEthernet0/0/2] port link-type access
[SWB-GigabitEthernet0/0/2] port default vlan 10
[SWB-GigabitEthernet0/0/1] port-security enable
[SWB-GigabitEthernet0/0/1] port-security max-mac-num 1
[SWB-GigabitEthernet0/0/1] port-security mac-address static 5489-983F-24E5 vlan 10
[SWB-GigabitEthernet0/0/1] port-security protect-action shutdown
[SWB-GigabitEthernet0/0/2] port-security enable
[SWB-GigabitEthernet0/0/2] port-security max-mac-num 1
[SWB-GigabitEthernet0/0/2] port-security mac-address static 5489-98a4-2424 vlan 10
[SWB-GigabitEthernet0/0/2] port-security protect-action shutdown
[SWB] interface GigabitEthernet0/0/3
[SWB-GigabitEthernet0/0/24] port link-type trunk
[SWB-GigabitEthernet0/0/24] port trunk allow-pass vlan 10

交换机swc
<SWC> system-view
[SWC] vlan 20
[SWC-vlan20] quit
[SWC] interface GigabitEthernet0/0/1    
[SWC-GigabitEthernet0/0/1] port link-type access
[SWC-GigabitEthernet0/0/1] port default vlan 20
[SWC] interface GigabitEthernet0/0/2    
[SWC-GigabitEthernet0/0/2] port link-type access
[SWC-GigabitEthernet0/0/2] port default vlan 20
[SWC-GigabitEthernet0/0/1] port-security enable
[SWC-GigabitEthernet0/0/1] port-security max-mac-num 1
[SWC-GigabitEthernet0/0/1] port-security mac-address dynamic
[SWC-GigabitEthernet0/0/1] port-security aging-time 5   
[SWC-GigabitEthernet0/0/1] port-security protect-action restrict
[SWC-GigabitEthernet0/0/2] port-security enable
[SWC-GigabitEthernet0/0/2] port-security max-mac-num 1
[SWC-GigabitEthernet0/0/2] port-security mac-address dynamic
[SWC-GigabitEthernet0/0/2] port-security aging-time 5
[SWC-GigabitEthernet0/0/2] port-security protect-action restrict
[SWC] interface GigabitEthernet0/0/3
[SWC-GigabitEthernet0/0/24] port link-type trunk
[SWC-GigabitEthernet0/0/24] port trunk allow-pass vlan 20

3.ping

相关推荐
ylscode4 小时前
OpenSSH 10.4 正式发布:后量子加密落地,多项高危漏洞得到修复
网络·安全·网络安全
DianSan_ERP5 小时前
电商架构演进:如何在高并发场景下实现多平台API的标准化履约?
运维·前端·网络·安全·架构·自动化
恒5395 小时前
Linux文件系统I
linux·运维·服务器
阿成学长_Cain5 小时前
Linux ipcs 命令超全详解:查看共享内存 / 消息队列 / 信号量,IPC 运维必备
linux·运维·服务器·网络·数据库
青瓦梦滋6 小时前
协议定制/序列化-反序列化(Linux视角)
linux·服务器·网络·c++
搭贝6 小时前
低代码平台构建EHS环境健康安全管理系统:从隐患排查到合规审计的全流程实操指南
安全·低代码
驭渊的小故事9 小时前
网络原理01(两千字解析)
网络
doiito10 小时前
【Web安全,微服务安全】HashiCorp Vault 项目深度分析报告
安全·微服务
一拳一个娘娘腔10 小时前
第八期:实战演练 —— 构建一个完整的攻击链(模拟)
安全