So, for example, to allow two MAC Addresses (1111.1111.1111 and 2222.2222.2222) at FastEthernet 0/6 (configured as an access-port), and, if any violation to that rule occurs, the port should be placed in ERRDISABLE state, recovering itself after 1hour without any intervation. The MAC Address MUST appear in the running-configuration.
How can we solve that!? Not that difficult, right!? Here´s the answer:
conf t
!
errdisable recovery cause psecure-violation
errdisable recovery interval 3600
!
interface fastethernet 0/6
switchport mode access
switchport port-security violation shutdown
switchport port-security maximum 2
switchport port-security mac-address sticky 1111.1111.1111
switchport port-security mac-address sticky 2222.2222.2222
exit
source :
http://cauew.blogspot.com/2008/09/switchport-port-security-what-we-must.html
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment