Saturday, December 18, 2010
【Weak Current College】 Detailed switch settings for IP-MAC binding
【Printer brief】
Cisco switches offer the following three options. Options 1 and 2 implement the same function: binding a specific host's MAC address (the network card's hardware address) to a specific switch port. Option 3 binds both a specific host's MAC address and its IP address to a specific port on the switch.
1. Option 1: port-based MAC address binding
Taking the Cisco 2950 switch as an example: log in to the switch, enter the management password to reach configuration mode, and type the commands:
Switch#config terminal
# Enter configuration mode
Switch(config)#interface fastethernet 0/1
# Enter configuration mode for the specific port
Switch(config-if)#switchport port-security
# Enable port security on the port
Switch(config-if)#switchport port-security mac-address MAC (host's MAC address)
# Bind the host's MAC address to the port
Switch(config-if)#no switchport port-security mac-address MAC (host's MAC address)
# Remove the binding for the host's MAC address
Note:
The commands above bind a switch port to a specific MAC address so that only that host can use the network through it. If the host's network card is replaced, or another PC is connected to this port, the network is unavailable until you remove or modify the MAC address bound to the port.
Note:
These features apply to the Cisco 2950, 3550, 4500 and 6500 Series switches.
2. Option 2: extended access list based on MAC address
Switch(config)#mac access-list extended MAC10
# Define a MAC address access control list named MAC10
Switch(config-ext-macl)#permit host 0009.6bc4.d4bf any
# Allow the host with MAC address 0009.6bc4.d4bf to access any host
Switch(config-ext-macl)#permit any host 0009.6bc4.d4bf
# Allow any host to access the host with MAC address 0009.6bc4.d4bf
Switch(config)#interface Fa0/20
# Enter configuration mode for the specific port
Switch(config-if)#mac access-group MAC10 in
# Apply the access list named MAC10 (the access policy defined above) on the port
Switch(config)#no mac access-list extended MAC10
# Remove the access list named MAC10
This option does largely the same as option 1, but because it applies a MAC address access control list on the port, you can restrict a specific source MAC address and a destination address range.
Note:
These features are available on Cisco 2950, 3550, 4500 and 6500 Series switches, but note that the 2950 and 3550 must run the enhanced software image (Enhanced Image).
3. Option 3: IP address and MAC address binding
IP-MAC binding can only be achieved by using option 1 or option 2 together with an IP-based access control list.
Switch(config)#mac access-list extended MAC10
# Define a MAC address access control list named MAC10
Switch(config-ext-macl)#permit host 0009.6bc4.d4bf any
# Allow the host with MAC address 0009.6bc4.d4bf to access any host
Switch(config-ext-macl)#permit any host 0009.6bc4.d4bf
# Allow any host to access the host with MAC address 0009.6bc4.d4bf
Switch(config)#ip access-list extended IP10
# Define an IP access control list named IP10
Switch(config-ext-nacl)#permit ip 192.168.0.1 0.0.0.0 any
# Allow the host with IP address 192.168.0.1 to access any host
Switch(config-ext-nacl)#permit ip any 192.168.0.1 0.0.0.0
# Allow any host to access the host with IP address 192.168.0.1
Switch(config)#interface Fa0/20
# Enter configuration mode for the specific port
Switch(config-if)#mac access-group MAC10 in
# Apply the access list named MAC10 (the access policy defined above) on the port
Switch(config-if)#ip access-group IP10 in
# Apply the access list named IP10 (the access policy defined above) on the port
Switch(config)#no mac access-list extended MAC10
# Remove the access list named MAC10
Switch(config)#no ip access-list extended IP10
# Remove the access list named IP10
Of the options above, option 1 binds a host MAC address to a switch port and option 2 uses a MAC address access control list; in general the first two options achieve the same functionality. IP and MAC address binding can only be achieved with option 3, which uses option 1 or option 2 together with an IP access control list, as your requirements dictate, to reach the desired effect.
Note:
These features are available on Cisco 2950, 3550, 4500 and 6500 Series switches, but note that the 2950 and 3550 must run the enhanced software image (Enhanced Image).
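An added example, not part of the original post: a Python check over a saved running-config that flags two ways the bindings above end up unenforced, namely a static MAC configured on a port without the "switchport port-security" enable line, and an access-group left on a port whose list is missing (the removal commands above delete the list, not the port's access-group line). The config excerpt, the second MAC address and the function names are constructed for illustration.

```python
import re

# Constructed running-config excerpt (not taken from a real switch).
SAMPLE_CONFIG = """\
mac access-list extended MAC10
 permit host 0009.6bc4.d4bf any
!
interface FastEthernet0/1
 switchport port-security
 switchport port-security mac-address 0009.6bc4.d4bf
interface FastEthernet0/2
 switchport port-security mac-address 0009.6bc4.d4c0
interface FastEthernet0/20
 mac access-group MAC10 in
 ip access-group IP10 in
"""

def parse_blocks(config):
    """Split an IOS config into {top-level line: [indented child lines]}."""
    blocks, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.startswith("!"):
            continue
        if line[0] != " ":
            current = blocks.setdefault(line.strip(), [])
        elif current is not None:
            current.append(line.strip())
    return blocks

def audit(config):
    """Return sorted (interface, finding) tuples for unenforced bindings."""
    blocks = parse_blocks(config)
    # Named lists that actually exist, e.g. ("mac", "MAC10") or ("ip", "IP10").
    acls = {(k.split()[0], k.split()[-1]) for k in blocks
            if " access-list extended " in k}
    findings = []
    for head, body in blocks.items():
        if not head.startswith("interface "):
            continue
        port = head.split(None, 1)[1]
        bound = any(l.startswith("switchport port-security mac-address ") for l in body)
        if bound and "switchport port-security" not in body:
            findings.append((port, "static MAC configured but port-security not enabled"))
        for l in body:
            m = re.match(r"(mac|ip) access-group (\S+) in$", l)
            if m and m.groups() not in acls:
                findings.append((port, f"{m.group(1)} access-group {m.group(2)} has no matching access-list"))
    return sorted(findings)
```

Running audit(SAMPLE_CONFIG) reports FastEthernet0/2 and FastEthernet0/20; FastEthernet0/1, configured as in option 1, passes.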