还剩3页未读,继续阅读
文本内容:
海量资料超值下载交换机端口与__C地址绑定
一、实验目的
1.了解什么是交换机的__C绑定功能;
2.熟练掌握__C与端口绑定的静态方式
二、实验描述主要实验内容如下1.交换机IP地址为
192.
168.
1.10/24,PC1的地址为
192.
168.
1.101/24;PC2的地址为
192.
168.
1.102/
242.在交换机上作__C与端口绑定
三、实验拓扑
四、实验设备
1.S29601台2.PC2台
3.双绞线2根
五、实验步骤第1步配置PC1的地址为
192.
168.
1.101/24,配置PC2的地址为
192.
168.
1.102/
192.
168.
255.
255.
0.
0.
0.
0.
0.0我们得到了PC1的__C地址000A.418B.D76C第2步配置交换机的IP地址Switchconfig#intvlan1Switchconfig-if#ipadd
192.
168.
1.
10255.
255.
255.0Switchconfig-if#noshSwitchconfig-if#exit第3步使用端口的__C地址绑定功能Switchconfig#intf0/1Switchconfig-if#switchportmodeac__ssSwitchconfig-if#switchportport-security第4步添加端口静态安全__C地址,缺省端口最大安全地址数为1Switchconfig-if#switchportport-security__c-address000A.418B.D76C验证配置Switch#shport-securityaddressSecure__cAddressTable-------------------------------------------------------------------------------Vlan__cAddressTypePortsRe__iningAgemins-------------------------------------1000A.418B.D76CSecureConfiguredFastEthernet0/1-------------------------------------------------------------------------------TotalAddressesinSystemexcludingone__cperport:0__xAddresseslimitinSystemexcludingone__cperport:1024第5步使用PING命令验证在PC1上ping
192.
168.
1.10能通PCping
192.
168.
1.10Pinging
192.
168.
1.10with32bytesofdata:Replyfrom
192.
168.
1.10:bytes=32time=32msTTL=255Replyfrom
192.
168.
1.10:bytes=32time=31msTTL=255Replyfrom
192.
168.
1.10:bytes=32time=32msTTL=255Replyfrom
192.
168.
1.10:bytes=32time=32msTTL=255Pingstatisticsfor
192.
168.
1.10:Packets:Sent=4Re__ived=4Lost=00%lossApproxi__teroundtriptimesinmilli-seconds:Minimum=31ms__ximum=32ms__erage=31ms先拔掉PC1到f0/1的连线,再把PC2接到F0/1验证配置,ping交换机的IP地址(不通因为设置了PC1到F0/1的绑定)PCping
192.
168.
1.10Pinging
192.
168.
1.10with32bytesofdata:Requesttimedout.Requesttimedout.Requesttimedout.Requesttimedout.Pingstatisticsfor
192.
168.
1.10:Packets:Sent=4Re__ived=0Lost=4100%loss第6步在一个口上绑定多个__CSwitchconfig#intf0/1Switchconfig-if#switchportport-security__ximum2Switchconfig-if#switchportport-security__c-address00D
0.58BC.29D2验证配置Switch#shport-securityaddressSecure__cAddressTable-------------------------------------------------------------------------------Vlan__cAddressTypePortsRe__iningAgemins-------------------------------------1000A.418B.D76CSecureConfiguredFastEthernet0/1-100D
0.58BC.29D2SecureConfiguredFastEthernet0/1-------------------------------------------------------------------------------TotalAddressesinSystemexcludingone__cperport:1__xAddresseslimitinSystemexcludingone__cperport:1024第7步使用PING命令验证先拔掉PC1到f0/1的连线,再把PC2接到F0/1验证配置此进PC2也能PING通交换机(因为F0/1接口上也同时绑定了PC2的__C地址)PCping
192.
168.
1.10Pinging
192.
168.
1.10with32bytesofdata:Replyfrom
192.
168.
1.10:bytes=32time=46msTTL=255Replyfrom
192.
168.
1.10:bytes=32time=31msTTL=255Replyfrom
192.
168.
1.10:bytes=32time=31msTTL=255Replyfrom
192.
168.
1.10:bytes=32time=31msTTL=255Pingstatisticsfor
192.
168.
1.10:Packets:Sent=4Re__ived=4Lost=00%lossApproxi__teroundtriptimesinmilli-seconds:Minimum=31ms__ximum=46ms__erage=34ms
六、注意事项如果出现端口无法配置__C地址绑定功能的情况,请检查交换机的端口是否运行了生成树协议、
802.1X、端口汇聚或端口已经配置为TRUNK端口,__C绑定与这些配置是互斥的,所以在执行端口绑定前一定要先关闭端口下的上述功能
七、参考配置Switch#shrunBuildingconfiguration...Currentconfiguration:1131bytes!version
12.2noservi__password-encryption!hostnameSwitch!!!inte_____FastEthernet0/1switchportmodeac__ssswitchportport-securityswitchportport-security__ximum2switchportport-security__c-address000A.418B.D76Cswitchportport-security__c-address00D
0.58BC.29D2!inte_____FastEthernet0/2!inte_____FastEthernet0/3!inte_____FastEthernet0/4!inte_____FastEthernet0/5!inte_____FastEthernet0/6!inte_____FastEthernet0/7!inte_____FastEthernet0/8!inte_____FastEthernet0/9!inte_____FastEthernet0/10!inte_____FastEthernet0/11!inte_____FastEthernet0/12!inte_____FastEthernet0/13!inte_____FastEthernet0/14!inte_____FastEthernet0/15!inte_____FastEthernet0/16!inte_____FastEthernet0/17!inte_____FastEthernet0/18!inte_____FastEthernet0/19!inte_____FastEthernet0/20!inte_____FastEthernet0/21!inte_____FastEthernet0/22!inte_____FastEthernet0/23!inte_____FastEthernet0/24!inte_____GigabitEthernet1/1!inte_____GigabitEthernet1/2!inte_____Vlan1ipaddress
192.
168.
1.
10255.
255.
255.0!linecon0!linevty04loginlinevty515login!!end。