Configure STICKY Rule of Port Security
Network Requirements
- PC1, PC2 and PC3 are connected to the server via Device; they are in the same LAN as the server.
- Configure the port security rule on Device, permitting two PCs to pass.
- After saving the configuration and restarting Device, the STICKY rule can take effect at once.
Network Topology
Figure 3–3 Networking of configuring the STICKY rule of the port security
Configuration Steps
Step 1: Configure VLAN.
#Create VLAN.
|
Device#configure terminal
Device(config)#vlan 2
Device(config-vlan2)#exit
|
#Configure the port link type on gigabitethernet0/1-gigabitethernet0/2 of Device as Access, permitting the services of VLAN2 to pass.
|
Device(config)#interface gigabitethernet 0/1-0/2
Device(config-if-range)#switchport mode access
Device(config-if-range)#switchport access vlan 2
Device(config-if-range)#exit
|
Step 2: Configure the MAX rule of the port security on Device.
#Configure the MAX rule on gigabitethernet0/1 of Device. The maximum number of the MAX rules is 2.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#port-security enable
Device(config-if-gigabitethernet0/1)#port-security maximum 2
Device(config-if-gigabitethernet0/1)exit
|
Step 3: Configure the STICKY rule of the port security on Device.
#Enable the STICKY function on gigabitethernet0/1 of Device.
|
Device(config)#interface gigabitethernet 0/1
Device(config-if-gigabitethernet0/1)#port-security permit mac-address sticky
Device(config-if-gigabitethernet0/1)#exit
|
Step 4: Check the result.
#PC1, PC2 and PC3 try to communicate with the server. View the effective entries of the port security on gigabitethernet0/1 of Device and you can see that the rule type on gigabitethernet0/1 is STICKY.
Device#show port-security active-address
----------------------------------------------------------------------------
Entry Interface MAC address VID IP/IPv6 Addr Derivation Age(Sec)
----------------------------------------------------------------------------
1 gi0/1 38:83:45:EF:79:84 2 199.0.0.1 STICKY 0
2 gi0/1 38:83:45:EF:F3:95 2 199.0.0.3 STICKY 0
Total Mac Addresses for this criterion: 2
#After saving the configuration and restarting the device, the STICKY rule exists and takes effect.
Device#show port-security active-address
----------------------------------------------------------------------------
Entry Interface MAC address VID IP/IPv6 Addr Derivation Age(Sec)
----------------------------------------------------------------------------
1 gi0/1 38:83:45:EF:79:84 2 199.0.0.1 STICKY 0
2 gi0/1 38:83:45:EF:F3:95 2 199.0.0.3 STICKY 0
Total Mac Addresses for this criterion: 2
Switch
.png){kind=icon}
.png){kind=logo}
