防止用戶私自更改手機mac繼續訪問網絡,我們在連接AP的交換機端口上設置只允許指定的MAC地址連接到網絡。
注意:
1. 確保交換機上連接AP的端口二層模式爲access模式。
2. 允許通過的MAC數量和port-security maximum數量必須一致
3. 每次增加MAC的時候,先shutdown,然後設置maximum數量,然後再增加MAC,最後no shutdown激活端口
4. 必須把AP本身的MAC地址也加進去,否則無法telnet 到AP。
5. 在交換機上的連接AP的端口上配置
配置命令:
XIASW-B-005(config)#interface fastEthernet 0/35
XIASW-B-005(config-if)#shutdown
XIASW-B-005(config-if)#switchport port-security
XIASW-B-005(config-if)#switchport port-security violation protect
XIASW-B-005(config-if)#switchport port-security maximum 7
XIASW-B-005(config-if)#switchport port-security mac-address 0023.0426.1a7e
XIASW-B-005(config-if)#no shutdown
XIASW-B-005(config-if)#exit
XIASW-B-005#wr
驗證:
XIASW-B-005#sh running-config interface fastEthernet 0/35
Building configuration...
Current configuration : 1781 bytes
!
interface FastEthernet0/35
switchport access vlan 5
switchport mode access
switchport port-security maximum 30
switchport port-security
switchport port-security violation protect
switchport port-security mac-address 0008.9ff3.f336
switchport port-security mac-address 0023.0426.1a7e
switchport port-security mac-address 0023.4dd9.7205
switchport port-security mac-address 0024.2b59.e67f
switchport port-security mac-address 0024.2b5a.035c
switchport port-security mac-address 0024.d794.7870
switchport port-security mac-address 0027.1011.761c
switchport port-security mac-address 0027.1011.d7dc
switchport port-security mac-address 0027.1012.90e0
switchport port-security mac-address 0027.10a3.0394
switchport port-security mac-address 0811.96ac.e0d8
switchport port-security mac-address 0c77.1a84.5a27
switchport port-security mac-address 100b.a952.26c0
switchport port-security mac-address 207d.7424.52cb
switchport port-security mac-address 3ca9.f48f.aa8c
switchport port-security mac-address 3ca9.f48f.fdec
switchport port-security mac-address 3ca9.f4a1.e6c4
switchport port-security mac-address 3cd0.f8ba.f414
switchport port-security mac-address 6067.20e1.d798
switchport port-security mac-address 6092.172b.db71
switchport port-security mac-address 6c88.147d.a958
switchport port-security mac-address 6c88.147d.dd30
switchport port-security mac-address 6c88.147d.e53c
switchport port-security mac-address 6c88.147d.ea5c
switchport port-security mac-address 8c70.5a08.1364
switchport port-security mac-address 8c70.5a08.23d4
switchport port-security mac-address 9cb7.0df4.42b0
switchport port-security mac-address acf7.f3ef.cf4a
switchport port-security mac-address b4ce.f673.44c4
switchport port-security mac-address c46a.b769.d3b9
end
XIASW-B-005#sh mac-address-table interface fastEthernet 0/35
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
5 0008.9ff3.f336 STATIC Fa0/35
5 0023.0426.1a7e STATIC Fa0/35
5 0023.4dd9.7205 STATIC Fa0/35
5 0024.2b59.e67f STATIC Fa0/35
5 0024.2b5a.035c STATIC Fa0/35
5 0024.d794.7870 STATIC Fa0/35
5 0027.1011.761c STATIC Fa0/35
5 0027.1011.d7dc STATIC Fa0/35
5 0027.1012.90e0 STATIC Fa0/35
5 0027.10a3.0394 STATIC Fa0/35
5 0811.96ac.e0d8 STATIC Fa0/35
5 0c77.1a84.5a27 STATIC Fa0/35
5 100b.a952.26c0 STATIC Fa0/35
5 207d.7424.52cb STATIC Fa0/35
5 3ca9.f48f.aa8c STATIC Fa0/35
5 3ca9.f48f.fdec STATIC Fa0/35
5 3ca9.f4a1.e6c4 STATIC Fa0/35
5 3cd0.f8ba.f414 STATIC Fa0/35
5 6067.20e1.d798 STATIC Fa0/35
5 6092.172b.db71 STATIC Fa0/35
5 6c88.147d.a958 STATIC Fa0/35
5 6c88.147d.dd30 STATIC Fa0/35
5 6c88.147d.e53c STATIC Fa0/35
5 6c88.147d.ea5c STATIC Fa0/35
5 8c70.5a08.1364 STATIC Fa0/35
5 8c70.5a08.23d4 STATIC Fa0/35
5 9cb7.0df4.42b0 STATIC Fa0/35
5 acf7.f3ef.cf4a STATIC Fa0/35
5 b4ce.f673.44c4 STATIC Fa0/35
5 c46a.b769.d3b9 STATIC Fa0/35
Total Mac Addresses for this criterion: 30
XIASW-B-005#