Networking Requirements
As shown in the figure, the MAC address of the user host PC1 is 0002-0002-0002 and that of the user host PC2 is 0003-0003-0003. PC1 and PC2 are connected to the Switch through the LSW. The LSW is connected to Eth0/0/1 of the Switch, which belongs to VLAN 2. The MAC address of the server is 0004-0004-0004. The server is connected to Eth0/0/2 of the Switch, which also belongs to VLAN 2.
- To prevent hackers from using MAC addresses to attack the network, configure two static MAC address entries on the Switch, one for each user host.
- To prevent hackers from stealing user information by forging the MAC address of the server, configure a static MAC address entry on the Switch for the server.
Configuration Roadmap
The configuration roadmap is as follows:
1. Create a VLAN and add an interface to the VLAN to implement Layer 2 forwarding.
2. Configure static MAC address entries to prevent MAC address attacks.
3. Configure the aging time of dynamic MAC address entries to update the entries.
Procedure
Step 1 Configure static MAC address entries.
# Create VLAN 2 and add Ethernet0/0/1 and Ethernet0/0/2 to VLAN 2.
<Switch> system-view
[Switch] vlan 2
[Switch-vlan2] quit
[Switch] interface ethernet 0/0/1
[Switch-Ethernet0/0/1] port hybrid pvid vlan 2
[Switch-Ethernet0/0/1] port hybrid untagged vlan 2
[Switch-Ethernet0/0/1] quit
[Switch] interface ethernet 0/0/2
[Switch-Ethernet0/0/2] port hybrid pvid vlan 2
[Switch-Ethernet0/0/2] port hybrid untagged vlan 2
[Switch-Ethernet0/0/2] quit
# Configure the static MAC address entries.
[Switch] mac-address static 2-2-2 Ethernet 0/0/1 vlan 2
[Switch] mac-address static 3-3-3 Ethernet 0/0/1 vlan 2
[Switch] mac-address static 4-4-4 Ethernet 0/0/2 vlan 2
Step 2 Set the aging time of a dynamic MAC address entry.
[Switch] mac-address aging-time 500
Step 3 Verify the configuration.
# Run the display mac-address command in any view to check whether the static MAC address entries are successfully added to the MAC address table.
[Switch] display mac-address static vlan 2
-------------------------------------------------------------------------------
MAC Address     VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0002-0002-0002  2/-         Eth0/0/1        static
0003-0003-0003  2/-         Eth0/0/1        static
0004-0004-0004  2/-         Eth0/0/2        static
-------------------------------------------------------------------------------
Total items displayed = 3
# Run the display mac-address aging-time command in any view to check whether the aging time of dynamic entries is set successfully.
[Switch] display mac-address aging-time
Aging time: 500 seconds
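The check in Step 3 can be automated. The following Python script is an added example, not part of the original page or the vendor's documentation: it parses the display mac-address static vlan 2 output from Step 3 and reports any binding from Step 1 that is missing, on the wrong interface, or not of type static. The names EXPECTED, SAMPLE_OUTPUT, normalize_mac, parse_table and audit are made up for this example.

```python
import re

# Intended bindings from Step 1: (MAC, VLAN) -> interface.
# MACs are written in the abbreviated form used in the mac-address static commands.
EXPECTED = {("2-2-2", 2): "Eth0/0/1", ("3-3-3", 2): "Eth0/0/1", ("4-4-4", 2): "Eth0/0/2"}

# Output of "display mac-address static vlan 2", copied from Step 3.
SAMPLE_OUTPUT = """\
-------------------------------------------------------------------------------
MAC Address     VLAN/VSI    Learned-From    Type
-------------------------------------------------------------------------------
0002-0002-0002  2/-         Eth0/0/1        static
0003-0003-0003  2/-         Eth0/0/1        static
0004-0004-0004  2/-         Eth0/0/2        static
-------------------------------------------------------------------------------
Total items displayed = 3
"""

# One table row: MAC, VLAN/VSI, interface, entry type.
ROW = re.compile(r"^([0-9a-fA-F]{4}(?:-[0-9a-fA-F]{4}){2})\s+(\d+)/\S+\s+(\S+)\s+(\S+)$")

def normalize_mac(mac):
    """Expand an abbreviated MAC such as 2-2-2 to 0002-0002-0002."""
    groups = mac.split("-")
    if len(groups) != 3 or not all(re.fullmatch(r"[0-9a-fA-F]{1,4}", g) for g in groups):
        raise ValueError(f"not an H-H-H MAC address: {mac!r}")
    return "-".join(g.lower().zfill(4) for g in groups)

def parse_table(text):
    """Return {(mac, vlan): (interface, type)} from the display output."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # separator, header and total lines do not match
            table[(m.group(1).lower(), int(m.group(2)))] = (m.group(3), m.group(4))
    return table

def audit(text, expected=EXPECTED):
    """List deviations between the switch table and the intended static bindings."""
    table = parse_table(text)
    findings = []
    for (mac, vlan), port in expected.items():
        key = (normalize_mac(mac), vlan)
        if key not in table:
            findings.append(f"{key[0]} vlan {vlan}: no entry")
        elif table[key] != (port, "static"):
            findings.append(f"{key[0]} vlan {vlan}: found {table[key]}, want ({port!r}, 'static')")
    return findings

if __name__ == "__main__":
    print(audit(SAMPLE_OUTPUT) or "all static bindings present")
```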