
Configure MAC and IP Rule of Port Security

Network Requirements

  • PC1, PC2 and the network printer are connected to the server via Device.
  • Configure the port security function on Device so that traffic from PC1 is permitted and traffic from PC2 is refused, and so that the network printer can execute the printing tasks delivered by the server and the PC1 user.

Network Topology

Figure 3–1 Networking of configuring port security MAC and IP rule

Configuration Steps

Step 1: Configure VLAN.

#Create VLAN.

Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit

#Configure the link type of ports gigabitethernet0/1-gigabitethernet0/3 on Device as Access, permitting the services of VLAN2 to pass.

Device(config)#interface gigabitethernet 0/1-0/3
Device(config-if-range)#switchport mode access
Device(config-if-range)#switchport access vlan 2
Device(config-if-range)#exit

Step 2: Configure the port security function.

#Configure a MAC+IP rule on gigabitethernet0/1 of Device to permit PC1, and an IP rule to refuse PC2.

Device#config terminal
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#port-security enable
Device(config-if-gigabitethernet0/1)#port-security permit mac-address 3883.45ef.7984 ip-address 199.0.0.1
Device(config-if-gigabitethernet0/1)#port-security deny ip-address 199.0.0.2
Device(config-if-gigabitethernet0/1)#exit

#Configure the MAC rule on gigabitethernet0/2 of Device, permitting the network printer to access the network.

Device(config)#interface gigabitethernet 0/2
Device(config-if-gigabitethernet0/2)#port-security enable
Device(config-if-gigabitethernet0/2)#port-security permit mac-address 3883.45ef.f395
Device(config-if-gigabitethernet0/2)#exit

Step 3: Check the result.

#View the effective port security entries on Device. The MAC addresses of PC1 and the network printer are written to the effective entries of the port security.

Device#show port-security active-address
--------------------------------------------------------------------------------
Entry Interface   MAC  address       VID   IP/IPv6  Addr   Derivation   Age(Sec)
--------------------------------------------------------------------------------
1     gi0/1       38:83:45:EF:79:84  2     199.0.0.1       MAC+IP       0
2     gi0/2       38:83:45:EF:F3:95  2     199.0.0.3       MAC          0

#Testing confirms that PC1 can access the server, and that the network printer can execute the printing tasks delivered by PC1 and the server.

#Testing confirms that PC2 cannot ping the server or the network printer.
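
The check in Step 3 can be automated. The following Python script is an added example, not part of the vendor documentation: it parses `show port-security active-address` output and compares each entry against the permit and deny rules from Step 2. The names `EXPECTED`, `DENIED_IPS`, `parse_active` and `audit`, and the third table row, are assumptions constructed for illustration.

```python
import re

# Permit rules from Step 2; a MAC-only rule has None for the IP. Names are assumptions.
EXPECTED = {
    "gi0/1": ("3883.45ef.7984", "199.0.0.1"),
    "gi0/2": ("3883.45ef.f395", None),
}
DENIED_IPS = {"199.0.0.2"}  # deny rule on gigabitethernet0/1

# Rows 1-2 are the Step 3 output; row 3 is constructed to show a violation.
SAMPLE = """\
Entry Interface   MAC  address       VID   IP/IPv6  Addr   Derivation   Age(Sec)
1     gi0/1       38:83:45:EF:79:84  2     199.0.0.1       MAC+IP       0
2     gi0/2       38:83:45:EF:F3:95  2     199.0.0.3       MAC          0
3     gi0/1       00:11:22:33:44:55  2     199.0.0.2       MAC+IP       0
"""

ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([0-9A-Fa-f:.\-]{12,17})\s+(\d+)\s+(\S+)\s+(\S+)\s+(\d+)\s*$")

def norm_mac(mac):
    """Reduce dotted, colon or dash MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_active(text):
    """Turn the table rows into dicts; header and separator lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            _, intf, mac, vid, ip, deriv, _ = m.groups()
            rows.append({"intf": intf, "mac": norm_mac(mac), "vid": int(vid), "ip": ip, "deriv": deriv})
    return rows

def audit(rows, expected=EXPECTED, denied=DENIED_IPS):
    """Return (interface, mac, reason) for every active entry that violates the rules."""
    findings = []
    for r in rows:
        mac, ip = expected.get(r["intf"], (None, None))
        if r["ip"] in denied:
            reason = "denied IP is active"
        elif mac is None:
            reason = "no permit rule for this port"
        elif norm_mac(mac) != r["mac"]:
            reason = "MAC not in permit rule"
        elif ip is not None and ip != r["ip"]:
            reason = "IP differs from MAC+IP rule"
        else:
            continue
        findings.append((r["intf"], r["mac"], reason))
    return findings
```

Calling `audit(parse_active(SAMPLE))` reports only the constructed third row; the two entries from Step 3 pass, including the printer, whose MAC-only rule accepts any IP address.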