Hà Nội: NTT03, Line 1, Thống Nhất Complex, 82 Nguyễn Tuân, Thanh Xuân, Hà Nội. ● HCM: Số 31B, Đường 1, Phường An Phú, Quận 2 (Thủ Đức), TP HCM. ===> Đơn Vị Hàng Đầu Trong Lĩnh Vực Cung Cấp Thiết Bị Security - Network - Wifi - CCTV - Conference - Máy chủ Server - Lưu trữ Storge.
Danh mục sản phẩm

Configure MAC and IP Rule of Port Security

Network Requirements

  • PC1, PC2 and the network printer are connected to the server via Device.
  • Configure the port security function on Device, permitting PC1 to pass and refusing PC2 to pass; permit the network printer to execute the printing tasks delivered by the server and PC1 user.

Network Topology

Networking of configuring port security MAC and IP rule

Figure 3–1 Networking of configuring port security MAC and IP rule

Configuration Steps

Step 1: Configure VLAN.

#Create VLAN.

Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit

#Configure the port link type on gigabitethernet0/1-gigabitethernet0/3 of Device as Access, permitting the services of VLAN2 to pass.

Device(config)#interface gigabitethernet 0/1-0/3
Device(config-if-range)#switchport mode access
Device(config-if-range)#switchport access vlan 2
Device(config-if-range)#exit

Step 2: Configure the port security function.

#Configure the MAC+IP rule on gigabitethernet0/1 of Device, permitting PC1 to pass; configure the IP rule, refusing PC2 to pass.

Device#config terminal
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#port-security enable
Device(config-if-gigabitethernet0/1)#port-security permit mac-address 3883.45ef.7984 ip-address 199.0.0.1
Device(config-if-gigabitethernet0/1)#port-security deny ip-address 199.0.0.2
Device(config-if-gigabitethernet0/1)#exit

#Configure the MAC rule on gigabitethernet0/2 of Device, permitting the network printer to access the network.

Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#port-security enable
Device(config-if-gigabitethernet0/2)#port-security permit mac-address 3883.45ef.f395
Device(config-if-gigabitethernet0/2)#exit

Step 3: Check the result.

#View the effective entries of the port security on Device. The user can see that the MACs of PC1 and the network printer are written to the effective entries of the port security.

Device#show port-security active-address  
--------------------------------------------------------------------------------
Entry Interface   MAC  address       VID   IP/IPv6  Addr   Derivation   Age(Sec) 
--------------------------------------------------------------------------------
1     gi0/1       38:83:45:EF:79:84  2     199.0.0.1       MAC+IP       0     
2     gi0/2       38:83:45:EF:F3:95  2	   199.0.0.3       MAC          0   

#With the detection, we can see that PC1 can access the server and the network printer can execute the printing task delivered by PC1 and the server.

#With the detection, we can see that PC2 cannot ping the server or the network printer.