ç¨å½ä»¤å¨ç»å®ï¼å
·ä½æ¹æ³å¦ä¸ï¼
ä¸ãåºäºç«¯å£çMACå°åç»å®
æç§2950交æ¢æºä¸ºä¾ï¼ç»å½è¿å
¥äº¤æ¢æºï¼è¾å
¥ç®¡çå£ä»¤è¿å
¥é
置模å¼ï¼æ²å
¥å½ä»¤ï¼
Switchï¼c onfig terminal
è¿å
¥é
置模å¼
Switchï¼configï¼# Interface fastethernet 0/1
ï¼è¿å
¥å
·ä½ç«¯å£é
置模å¼
Switchï¼config-ifï¼#Switchport port-secruity
ï¼é
置端å£å®å
¨æ¨¡å¼
Switchï¼config-if ï¼switchport port-security mac-address MACï¼ä¸»æºçMACå°åï¼
ï¼é
置该端å£è¦ç»å®ç主æºçMACå°å
Switchï¼config-if ï¼no switchport port-security mac-address MACï¼ä¸»æºçMACå°åï¼
ï¼å é¤ç»å®ä¸»æºçMACå°å
äºãåºäºMACå°åçæ©å±è®¿é®å表
Switchï¼configï¼Mac access-list extended MAC
ï¼å®ä¹ä¸ä¸ªMACå°å访é®æ§å¶å表并ä¸å½å该å表å为MAC
Switchï¼configï¼permit host 0009.6bc4.d4bf any
ï¼å®ä¹MACå°å为0009.6bc4.d4bfç主æºå¯ä»¥è®¿é®ä»»æ主æº
Switchï¼configï¼permit any host 0009.6bc4.d4bf
ï¼å®ä¹ææ主æºå¯ä»¥è®¿é®MACå°å为0009.6bc4.d4bfç主æº
Switchï¼config-if ï¼interface Fa0/20
#è¿å
¥é
ç½®å
·ä½ç«¯å£ç模å¼
Switchï¼config-if ï¼mac access-group MAC in
ï¼å¨è¯¥ç«¯å£ä¸åºç¨å为MACç访é®å表ï¼å³åé¢æ们å®ä¹ç访é®çç¥ï¼
Switchï¼configï¼no mac access-list extended MAC
ï¼æ¸
é¤å为MACç访é®å表
ä¸ãIPå°åçMACå°åç»å®
åªè½å°åºç¨1æ2ä¸åºäºIPç访é®æ§å¶å表ç»åæ¥ä½¿ç¨æè½è¾¾å°IP-MAC ç»å®åè½ã
Switchï¼configï¼Mac access-list extended MAC
ï¼å®ä¹ä¸ä¸ªMACå°å访é®æ§å¶å表并ä¸å½å该å表å为MAC
Switchï¼configï¼permit host 0009.6bc4.d4bf any
ï¼å®ä¹MACå°å为0009.6bc4.d4bfç主æºå¯ä»¥è®¿é®ä»»æ主æº
Switchï¼configï¼permit any host 0009.6bc4.d4bf
ï¼å®ä¹ææ主æºå¯ä»¥è®¿é®MACå°å为0009.6bc4.d4bfç主æº
Switchï¼configï¼Ip access-list extended IP
ï¼å®ä¹ä¸ä¸ªIPå°å访é®æ§å¶å表并ä¸å½å该å表å为IP
Switchï¼configï¼Permit 192.168.0.1 0.0.0.0 any
ï¼å®ä¹IPå°å为192.168.0.1ç主æºå¯ä»¥è®¿é®ä»»æ主æº
Permit any 192.168.0.1 0.0.0.0
ï¼å®ä¹ææ主æºå¯ä»¥è®¿é®IPå°å为192.168.0.1ç主æº
Switchï¼config-if ï¼interface Fa0/20
#è¿å
¥é
ç½®å
·ä½ç«¯å£ç模å¼
Switchï¼config-if ï¼mac access-group MAC1in
ï¼å¨è¯¥ç«¯å£ä¸åºç¨å为MACç访é®å表ï¼å³åé¢æ们å®ä¹ç访é®çç¥ï¼
Switchï¼config-if ï¼Ip access-group IP in
ï¼å¨è¯¥ç«¯å£ä¸åºç¨å为IP10ç访é®å表ï¼å³åé¢æ们å®ä¹ç访é®çç¥ï¼
Switchï¼configï¼no mac access-list extended MAC
ï¼æ¸
é¤å为MACç访é®å表
Switchï¼configï¼no Ip access-group IP in
ï¼æ¸
é¤å为IPç访é®å表
å¨cisco交æ¢æºä¸ä¸ºäºé²æ¢ip被çç¨æå工乱æ¹ipï¼å¯ä»¥å以ä¸æªæ½ï¼å³ipä¸macå°åçç»å®åipä¸äº¤æ¢æºç«¯å£çç»å®ã
ä¸ãéè¿IPæ¥ç«¯å£
å
æ¥Macå°åï¼åæ ¹æ®Macå°åæ¥ç«¯å£ï¼
bangonglou3#show arp | include 208.41 æè
show mac-address-table æ¥æ¥çæ´ä¸ªç«¯å£çip-mac表
Internet 10.138.208.41 4 0006.1bde.3de9 ARPA Vlan10
bangonglou3#show mac-add | in 0006.1bde
10 0006.1bde.3de9 DYNAMIC Fa0/17
bangonglou3#exit
äºãipä¸macå°åçç»å®ï¼è¿ç§ç»å®å¯ä»¥ç®åææçé²æ¢ip被çç¨ï¼å«äººå°ipæ¹æäºä½ ç»å®äºmacå°åçipåï¼å
¶ç½ç»ä¸åï¼
ï¼tcp/udpåè®®ä¸åï¼ä½netbiosç½ç»å
±é¡¹å¯ä»¥è®¿é®ï¼ï¼å
·ä½åæ³ï¼
ciscoï¼configï¼#arp 10.138.208.81 0000.e268.9980 ARPA
è¿æ ·å°±å°10.138.208.81 ä¸macï¼0000.e268.9980 ARPAç»å®å¨ä¸èµ·äº
ä¸ãipä¸äº¤æ¢æºç«¯å£çç»å®ï¼æ¤ç§æ¹æ³ç»å®åç端å£åªææ¤ipè½ç¨ï¼æ¹ä¸ºå«çipåç«å³æç½ãææçé²æ¢äºä¹±æ¹ip.
ciscoï¼configï¼# interface FastEthernet0/17
ciscoï¼config-ifï¼# ip access-group 6 in
ciscoï¼configï¼#access-list 6 permit 10.138.208.81
è¿æ ·å°±å°äº¤æ¢æºçFastEthernet0/17端å£ä¸ipï¼10.138.208.81ç»å®äºã
ç»å®ä»¥åå¯ä»¥æé«å®å
¨ï¼å¯ä»¥é²æ¢ARP欺éª~
温馨提示:内容为网友见解,仅供参考