交换机控制上网用户.doc

PC1:192.168.1.1 PC2:192.168.1.2 PC3:192.168.1.3 为了限制非授权用户在HUB，SWITCH下线路带宽，来限制非许可用户使用网络资源。 在交换机相对应的接口下限制MAC地址： 交换机上的配置如下： Switchenable Switch#confi t Switch(config)#int f0/1 Switch(config-if)#switch Switch(config-if)#switchport mode access Switch(config-if)#switchport port-security Switch(config-if)#switchport port-security mac-address 00D0.BC49.D378 Switch(config-if)#switchport port- Switch(config-if)#switchport port-security maximum 1 Switch(config-if)#switchport port- Switch(config-if)#switchport port-security vi Switch(config-if)#switchport port-security violation shutdown Switch(config-if)# 测试： PC1测试：尝试联通PC3,现象如下： PCping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: Reply from 192.168.1.3: bytes=32 time=188ms TTL=128 Reply from 192.168.1.3: bytes=32 time=91ms TTL=128 Reply from 192.168.1.3: bytes=32 time=94ms TTL=128 Reply from 192.168.1.3: bytes=32 time=94ms TTL=128 Ping statistics for 192.168.1.3: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 91ms, Maximum = 188ms, Average = 116ms 授权用户目前可以正常访问网络资源。 PC2测试：尝试访问网络资源PC3。 PCping 192.168.1.3 Pinging 192.168.1.3 with 32 bytes of data: Request timed out. Request timed out. Request timed out. Request timed out. Ping statistics for 192.168.1.3: Packets: Sent = 4, Received = 0, Lost = 4 (100% loss),  这个时候，交换察觉违规数据包。该端口自动关闭。