Maximum number of secure MAC addresses
switchport port-security maximum N - means that N MAC addresses can be active on the interface at the same time.
For example:
switch(config)# interface Fastethernet0/3
switch(config-if)# switchport mode access
switch(config-if)# switchport port-security maximum 3
switch(config-if)# switchport port-security
Configuring the security violation response mode
There are three ways to respond to a security violation:
switch(config-if)# switchport port-security violation <protect | restrict | shutdown>
switchport port-security violation restrict - sets the violation response mode. In this mode, if a third, unknown MAC address appears on the interface, all packets coming from it are dropped. In addition, a notification is sent to logging mechanisms such as syslog, SNMP trap and the violation counter.
switchport port-security violation shutdown - when a violation is detected, puts the interface into the error-disabled state and shuts it down. In addition, a notification is sent to logging mechanisms such as syslog, SNMP trap and the violation counter. To bring the interface out of this state, use the shutdown and no shutdown commands.
If the switchport port-security violation protect command is entered on the interface, packets from unknown MAC addresses are dropped, no notification of any kind is generated, and the port does not go into the shutdown state.
Of these modes, switchport port-security violation restrict is recommended in most cases.
Clearing the MAC address table
To clear the MAC address table so that other devices can connect:
switch# clear port-security [all|configured|dynamic|sticky] [address | interface ]
switch# clear port-security all
switch# clear port-security configured
switch# clear port-security dynamic
switch# clear port-security sticky
Viewing port-security configuration information
switch# show port-security
switch# show port-security interface fa0/3
switch# show port-security address
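
An added example (not from the original page): a short Python check over a saved running-config that reports each access port's effective port-security settings and flags ports where the feature is off or where protect mode hides violations. It assumes the usual IOS behaviour that only the bare switchport port-security line enables the feature and that absent lines mean maximum 1 and violation shutdown; the sample config and the function name audit_port_security are constructed for illustration.

```python
import re
# Constructed sample running-config for illustration (not from the original page).
SAMPLE_CONFIG = """\
interface FastEthernet0/1
 switchport mode access
 switchport port-security maximum 3
 switchport port-security violation restrict
!
interface FastEthernet0/2
 switchport mode access
 switchport port-security
 switchport port-security violation protect
!
interface FastEthernet0/3
 switchport mode access
 switchport port-security
 switchport port-security maximum 3
 switchport port-security violation restrict
!
interface GigabitEthernet0/1
 switchport mode trunk
"""

def audit_port_security(config):
    blocks, cur = {}, None
    for raw in config.splitlines():
        if raw.startswith("interface "):
            cur = blocks.setdefault(raw.split()[1], [])
        elif raw.startswith(" ") and cur is not None:
            cur.append(raw.strip())
        else:
            cur = None  # "!" or a global command ends the interface block
    report = {}
    for name, lines in blocks.items():
        if "switchport mode access" not in lines:
            continue  # trunks and routed ports are out of scope here
        text = "\n".join(lines)
        mx = re.search(r"^switchport port-security maximum (\d+)$", text, re.M)
        vio = re.search(r"^switchport port-security violation (\w+)$", text, re.M)
        # Assumed IOS defaults when a line is absent: maximum 1, violation shutdown.
        port = {"enabled": "switchport port-security" in lines,
                "maximum": int(mx.group(1)) if mx else 1,
                "violation": vio.group(1) if vio else "shutdown", "findings": []}
        if not port["enabled"]:
            port["findings"].append("port-security is not enabled on this access port")
        elif port["violation"] == "protect":
            port["findings"].append("protect drops frames without any log message")
        report[name] = port
    return report
```

On the sample, FastEthernet0/1 is flagged because its maximum and violation lines are present without the enabling command, and FastEthernet0/2 is flagged for protect mode.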