|
Cisco kommutatorlarida Port-security
|
bet | 2/3 | Sana | 25.01.2023 | Hajmi | 135.88 Kb. | | #39419 |
Bog'liq D6hhy7dxaLq03bespa9dGQRwz3Kr jiP
Port-securityni sozlash
Port-security interfeysni sozlash kommutatorning port rejimlar orqali amalga oshiriladi. Ko`pchilik Cisco kommutatorlarida portlar odatda dynamic auto rejimida turadi, ushbu rejim port-security funksiyasiga to`g`ri kelmaydi. Shuning uchun interfeysni trunk yoki access rejimiga o`tkazish kerak:
switch(config-if)# switchport mode Interfeysda port securityni ishga tushurish:
switch(config-if)# switchport port-security
Xavfsiz MAC-manzillarni sozlash
Manzillarni dinamik saqlash (sticky) buyrug`i orqali ishga tushurish: switch(config-if)# switchport port-security mac-address sticky
Agar manzillarni statik tarzda kiritish kerak bo’lsa sticky buyrug`i o`rniga manzillar yoziladi:
switch (config) # interface ethernet 0/1
switch (config-if) # switchport port-security mac- address 0050.3e8d.6400
Xavfsiz MAC-manzillarning maksimal soni
switchport port-security maximum N – bu bir vaqtda N sonli MAC-manzillar interfeysda ishlashini anglatadi.
Masalan:
switch(config)# interface Fastethernet0/3 switch(config-if)# switchport mode access switch(config-if)# switchport port-security maximum 3
switch(config-if)# switchport port-security
Xavfsizlik buzilishiga javob berish (реагирование) rejimini sozlash
Xavfsizlik buzilishiga javob berish ning uchta usuli mavjud:
switch(config-if)# switchport port-security violation
| restrict | shutdown>
switchport port-security violation restrict – buzilishga javob berish rjimini ko`rsatish. Bunda, agar interfeysda uchinchi notanish MAC-manzil paydo bo`lsa, undan keluvchi barcha paketlar qabul qilinmaydi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi.
switchport port-security violation shutdown- buzilish aniqlanganda interfeysni error-disabled holatiga o`tkazadi va o`chiradi. Undan tashqari syslog, SNMP trap, violetion counter ka`bi jurnallashtiruvchilarga xabar jo`natiladi. Ushbu holatdan chiqarish uchun shutdown va no shutdown buyruqlaridan foydalaniladi.
Agar interfeysga switchport port-security violation protect buyrug`i kiritilgan bo`lsa, unda notanish MAC-manzil paketlari qabul qilinmaydi va xech qanday xabar yaratilmaydi, hamda port shutdown holatiga o`tmaydi.
Ushbu usullardan switchport port-security violation restrict ko`pchilik hollarda tavsiya etiladi.
|
| |