Cisco 2950 Switch, Port Security
CLI Guru - Cisco Eğitim ve Danışmanlık Merkezi |

2007 yılından bu yana aktif olan ciscotr.com, kısa bir süre sonra " www.bilisim.pro " olarak devam edecektir.  
Mevcut mesajlarınız ve kullanıcı bilgilerinizle yenilenen sitemizde katılıma devam edebileceksiniz.

+ Konuyu Cevapla
Toplam 2 Sayfadan 1. Sayfa 12 SonuncuSonuncu
Toplam 12 sonuçtan 1 ile 10 arasındakiler gösteriliyor.
Like Tree1Likes
Cisco 2950 Switch, Port Security

tüm portlara mac-security uyguluyorum. Fakat tek bir makine için tüm portlara izin vermek istiyorum. Bunu nasıl yapabilirim???

  1. #1
    monopeto Guest

    Arrow Cisco 2950 Switch, Port Security

    tüm portlara mac-security uyguluyorum. Fakat tek bir makine için tüm portlara izin vermek istiyorum. Bunu nasıl yapabilirim???

  2. #2
    GhoSt isimli Üye şimdilik offline konumundadır Senior Member
    Üyelik tarihi
    Dec 2007
    Bulunduğu yer
    Ankara
    Mesajlar
    1,664

    Standart

    maximum adres sayısını 2 yapın , o makineyi statik olarak girin bütün portlarda , hatta mümkünse üzerlerine takılı olan cihazlarıda statik olarak ekleyin
    Örnek olarak

    interface FastEthernet0/1
    switchport mode access
    switchport port-security
    switchport port-security maximum 2
    switchport port-security mac-address 00E0.F736.C784
    switchport port-security mac-address 00E0.F745.59B9
    Mr.google knows everything , ask to him...

  3. #3
    monopeto Guest

    Standart

    merhaba,
    çok fazla makine olduğu için tek tek girmek hiç işime gelmiyor. Daha kısa bir yol için range kullandığımda, duplicate hatası veriyor ve çoğu portlara uygulanamıyor. neden duplicate hatası verdiğini anlayamadım...

    interface range FastEthernet0/1-48
    switchport mode access
    switchport port-security
    switchport port-security maximum 2
    switchport port-security mac-address 0011.0011.0011

  4. #4
    burner Guest

    Standart

    Slm;

    Eminmisin bunu yapmak istediginden...Ama hic ugrasma istersin imkansiz birseyi deniyorsun, amac ne? bana amacsiz bir amac gibi geldi... "HELL"...
    Ayni mac addresini birden fazla sw port una assign edemezsin...ayni zamanda Bir port a birden fazla mac adresi assign edebilirsin...ama hepsi unique olmak zorunda yani farkli olmak zorunda...
    Bundan dolayidirki sw duplicate error u veriyor...

    Iyi gunler
    Nexus likes this.

  5. #5
    monopeto Guest

    Standart

    merhaba

    range kullanarak (1-24) "switchport port-security mac-address 0011.0011.0011" komutunu verdiğimde aşağıda tablo ortaya çıkıyor. max mac sayısı 2. 5 porta aynı mac adresini nası kaydetmiş??? 5 prota aynı macı yazarken duplicate hatası neden vermemiş?
    amacım şu: mac adres security uygularken tek bir makinenin tüm kullanıcı masalarından güvenliğe takılmaması.

    ------------------------------------------------------------------------
    Vlan Mac Address Type Ports Remaining Age
    (mins)
    ---- ----------- ---- ----- -------------
    1 0011.0011.0011 SecureConfigured Fa0/1 -
    9 0011.0011.0011 SecureConfigured Fa0/2 -
    2 0011.0011.0011 SecureConfigured Fa0/3 -
    3 000f.1fe2.cb07 SecureSticky Fa0/5 -
    3 0011.0011.0011 SecureConfigured Fa0/5 -
    13 0011.0011.0011 SecureConfigured Fa0/10 -
    ------------------------------------------------------------------------

    İyi Çalışmalar

  6. #6
    GhoSt isimli Üye şimdilik offline konumundadır Senior Member
    Üyelik tarihi
    Dec 2007
    Bulunduğu yer
    Ankara
    Mesajlar
    1,664

    Standart

    o zaman sadece max 2 komutunu girebilirsiniz ama pekte bir güvenlik sağlamaz , cisco çok elimin altında olmadığı için bazı şeyleri tam deneyemiyorum kusra bakmayın yanlış bir yönlendirme olmuş
    Mr.google knows everything , ask to him...

  7. #7
    monopeto Guest

    Standart

    merhaba,
    hiç önemli değil. amaç bilgi paylaşımı
    ama ben hala çözüm bulamadım..

  8. #8
    burner Guest

    Standart

    Slm;

    Sorunun hicbir zaman cozulmeyecektir, bence mac addres ile ilgili konulara bir bak(kitap, net, cisco...vs), switching konularina daha henuz baslama, once mac adresini bir anla..

    Alıntı burner Nickli Üyeden Alıntı
    bu output 3500 serisi switchten alinmistir

    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 9
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 10
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 11
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 12
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 13
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 14
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 15
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.

    R3(config-if-range)#int ran fa0/7 - 16
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    FastEthernet0/16 is dynamic port. port-security parameters cannot be set.

    R3(config-if-range)#int ran fa0/7 - 24
    R3(config-if-range)#switchport port-security mac-address 0016.47a3.9111
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    Found duplicate mac-address 0016.47a3.9111.
    FastEthernet0/16 is dynamic port. port-security parameters cannot be set.
    FastEthernet0/17 is dynamic port. port-security parameters cannot be set.
    FastEthernet0/18 is dynamic port. port-security parameters cannot be set.
    FastEthernet0/19 is dynamic port. port-security parameters cannot be set.
    FastEthernet0/21 is dynamic port. port-security parameters cannot be set.
    FastEthernet0/22 is dynamic port. port-security parameters cannot be set.
    FastEthernet0/23 is dynamic port. port-security parameters cannot be set.
    Found duplicate mac-address 0016.47a3.9111.

    Bu output da 6500 serisinden alinmistir

    MER_SEC(config-if-range)#int ran gi3/1 - 48
    MER_SEC(config-if-range)#switchport port-security mac-address 0001.4aed.111f
    Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/2Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/3Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/4Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/5Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/6Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/7Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/9Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/10Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/11Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/12Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/13Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/14Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/15Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/17Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/18Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/19Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/20Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/21Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/22Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/23Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/24Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/25Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/26Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/31Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/32Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/33Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/34Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/35Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/36Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/37Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/38Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/39Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/40Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/41Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/42Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/43Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/45Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/47Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for GigabitEthernet3/48

    MER_SEC(config)#int ran fa4/1 - 96
    MER_SEC(config-if-range)#switchport port-security mac-address 0001.4aed.111f
    Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/2Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/3Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/4Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/6Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/7Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/8Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/9Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/13Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/14Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/15Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/16Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/18Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/19Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/20Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/21Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/22Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/24Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/25Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/26Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/27Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/28Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/29Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/30Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/31Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/32Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/33Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/34Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/35Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/36Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/37Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/38Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/39Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/40Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/41Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/42Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/43Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/44Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/45Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/46Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/47Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/48Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/49Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/50Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/51Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/52Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/53Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/54Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/55Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/56Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/57Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/58Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/59Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/60Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/61Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/62Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/63Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/64Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/65Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/66Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/67Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/68Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/69Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/70Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/71Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/72Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/73Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/74Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/75Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/76Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/77Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/78Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/79Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/80Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/81Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/82Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/83Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/84Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/85Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/86Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/87Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/88Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/89Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/90Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/91Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/92Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/93Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/94Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/95Found duplicate mac-address 0001.4aed.111f.

    % Interface range command failed for FastEthernet4/96
    MER_SEC(config-if-range)#
    Umarim Yeterince Acik....

    Iyi gunler
    Konu burner tarafından (10.03.2009 Saat 12:09 ) değiştirilmiştir.

  9. #9
    e-mky Guest

    Standart

    çok yararlı o oldu burner eline sağlık tşkler...

  10. #10
    monopeto Guest

    Standart

    bu güvenlik nortellerle çok rahat yapılabiliyor. bilmeyen varsa öğrensin, kitap filan okusun(ip, ethernet, http...)
    ben sadece bunun ciscolarda münkün olup olmadığını sormuştum... eğitimime nasıl devam edeceğimi değil!!!

+ Konuyu Cevapla

Bu Konuyu Paylaşın !

Bu Konuyu Paylaşın !

Yetkileriniz

  • Konu Acma Yetkiniz Yok
  • Cevap Yazma Yetkiniz Yok
  • Eklenti Yükleme Yetkiniz Yok
  • Mesajınızı Değiştirme Yetkiniz Yok