
Configuring Port Security on D-Link Switches


In this article I will give an example of setting up port security on D-Link switches.

Port Security lets each port on a D-Link switch limit the number of devices (MAC addresses) allowed to connect to the network through it.

Suppose ports 1 through 5 should each accept at most two devices. To do this, run:

config port_security ports 1-5 admin_state enabled max_learning_addr 2 lock_address_mode DeleteOnTimeout

Verify the result with:

show port_security

If a user swaps the device, then in “Delete on Timeout” mode the old device's MAC address becomes stale once the “FDB Aging Time” timer expires (usually 5 minutes) and is deleted, after which the new MAC address can be learned.

In “Permanent” mode, the MAC addresses never age out, even after the switch reboots.

In “Delete on Reset” mode, the MAC addresses are deleted when the switch reboots.

To have the switch write a log entry and send an SNMP trap when an unauthorized device connects, run:

enable port_security trap_log

To disable Port Security or restore the default values, run:

config port_security system max_learning_addr no_limit
disable port_security trap_log
config port_security ports 1-5 admin_state disable max_learning_addr 32 lock_address_mode deleteonreset

If MAC address learning must be disabled and the allowed addresses specified manually, first disable learning, for example on ports 1 and 2:

config port_security ports 1-2 admin_state enabled max_learning_addr 0

Then create static FDB entries (“default” is the VLAN name):

create fdb default 00-00-00-00-11-11 port 1
create fdb default 00-00-00-00-11-b2 port 1
create fdb default 00-00-00-00-11-1a port 2
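As an added example (not from the article), here is a small Python helper that builds the D-Link command lines shown above from a per-port policy and sanity-checks them before they are pasted into the CLI: it validates the port range, the dash-separated MAC notation D-Link uses, and that every static entry is bound to a port the policy actually covers. The PortPolicy class and render function are assumed names of my own.

```python
import re
from dataclasses import dataclass, field
from typing import List, Tuple

# Lock modes and MAC notation as used by the D-Link CLI in the article.
LOCK_MODES = ("Permanent", "DeleteOnTimeout", "DeleteOnReset")
MAC_RE = re.compile(r"^([0-9a-f]{2}-){5}[0-9a-f]{2}$", re.IGNORECASE)
RANGE_RE = re.compile(r"^(\d+)(?:-(\d+))?$")


@dataclass
class PortPolicy:
    ports: str                       # CLI port range, e.g. "1-5"
    max_addr: int                    # 0 = no learning, static entries only
    lock_mode: str = "DeleteOnTimeout"
    vlan: str = "default"            # VLAN name for static FDB entries
    static_macs: List[Tuple[str, int]] = field(default_factory=list)


def port_set(ports: str) -> set:
    """Expand a CLI range like '1-5' into {1,...,5}; reject malformed input."""
    m = RANGE_RE.match(ports)
    if not m:
        raise ValueError(f"bad port range: {ports!r}")
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    if lo < 1 or hi < lo:
        raise ValueError(f"bad port range: {ports!r}")
    return set(range(lo, hi + 1))


def render(policy: PortPolicy) -> List[str]:
    """Validate a policy and return the CLI lines that implement it."""
    allowed = port_set(policy.ports)
    if policy.max_addr < 0 or policy.lock_mode not in LOCK_MODES:
        raise ValueError("max_addr must be >= 0 and lock_mode one of " + ", ".join(LOCK_MODES))
    line = (f"config port_security ports {policy.ports} admin_state enabled "
            f"max_learning_addr {policy.max_addr}")
    if policy.max_addr > 0:            # lock mode only applies to learned entries
        line += f" lock_address_mode {policy.lock_mode}"
    lines = [line]
    seen = set()
    for mac, port in policy.static_macs:
        if not MAC_RE.match(mac):
            raise ValueError(f"MAC not in D-Link xx-xx-xx-xx-xx-xx form: {mac!r}")
        if port not in allowed:
            raise ValueError(f"port {port} is outside range {policy.ports}")
        if mac.lower() in seen:        # one FDB entry per MAC within a VLAN
            raise ValueError(f"duplicate static entry for {mac}")
        seen.add(mac.lower())
        lines.append(f"create fdb {policy.vlan} {mac} port {port}")
    return lines
```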
