IP与交换机端口绑定

时间：2024.5.2

IP与交换机端口绑定

在Cisco catalyst 2950交换机上，通过配置extended ACL来实现端口与IP的绑定。配置如下：

2950#show run

Current configuration : 5396 bytes

version 12.1

no service pad

service timestamps debug uptime

servicetimestamps log uptime

no service password-encryption

hostname 2950

enable secret 5 $1$kJ.v$gF4osmkOwfvOy7vkwI3j/.

ip subnet-zero

no ip domain-lookup

spanning-tree mode pvst

no spanning-tree optimize bpdu transmission

spanning-tree extend system-id

spanning-tree uplinkfast

interface FastEthernet0/1

switchport access vlan 30

switchport mode access

ip access-group ip1 in

spanning-tree portfast

interface FastEthernet0/2

switchport access vlan 30

switchport mode access

ip access-group ip2 in

spanning-tree portfast

interface FastEthernet0/3

switchport access vlan 30

switchport mode access

ip access-group ip3 in spanning-tree portfast !

interface FastEthernet0/4 switchport access vlan 30 switchport mode access ip access-group ip4 in spanning-tree portfast !

interface FastEthernet0/5 switchport access vlan 30 switchport mode access ip access-group ip5 in spanning-tree portfast !

interface FastEthernet0/6 switchport access vlan 30 switchport mode access ip access-group ip6 in spanning-tree portfast !

interface FastEthernet0/7 switchport access vlan 30 switchport mode access ip access-group ip7 in spanning-tree portfast interface FastEthernet0/8 switchport access vlan 30 switchport mode access ip access-group ip8 in spanning-tree portfast !

interface FastEthernet0/9 switchport access vlan 30 switchport mode access ip access-group ip9 in spanning-tree portfast !

interface FastEthernet0/10 switchport access vlan 30 switchport mode access ip access-group ip10 in spanning-tree portfast !

interface FastEthernet0/11 switchport access vlan 30 switchport mode access ip access-group ip11 in spanning-tree portfast !

interface FastEthernet0/12 switchport access vlan 30 switchport mode access ip access-group ip12 in spanning-tree portfast !

interface FastEthernet0/13 switchport access vlan 30 switchport mode access ip access-group ip13 in spanning-tree portfast !

interface FastEthernet0/14 switchport access vlan 30 switchport mode access ip access-group ip14 in spanning-tree portfast !

interface FastEthernet0/15 switchport access vlan 30 switchport mode access ip access-group ip15 in spanning-tree portfast !

interface FastEthernet0/16 switchport access vlan 30 switchport mode access ip access-group ip16 in spanning-tree portfast !

interface FastEthernet0/17 switchport access vlan 30 switchport mode access ip access-group ip17 in spanning-tree portfast !

interface FastEthernet0/18 switchport access vlan 30

switchport mode access ip access-group ip18 in spanning-tree portfast !

interface FastEthernet0/19 switchport access vlan 30 switchport mode access ip access-group ip19 in spanning-tree portfast !

interface FastEthernet0/20 switchport access vlan 30 switchport mode access ip access-group ip20 in spanning-tree portfast !

interface FastEthernet0/21 switchport access vlan 30 switchport mode access ip access-group ip21 in spanning-tree portfast !

interface FastEthernet0/22 switchport access vlan 30 switchport mode access

ip access-group ip22 in spanning-tree portfast !

interface FastEthernet0/23 switchport access vlan 30 switchport mode access ip access-group ip23 in spanning-tree portfast !

interface FastEthernet0/24 switchport access vlan 30 switchport mode access ip access-group ip24 in spanning-tree portfast !

interface GigabitEthernet0/1 switchport mode trunk !

interface GigabitEthernet0/2

spanning-tree stack-port

interface Vlan1

no ip address

no ip route-cache

shutdown

interface Vlan100

ip address 192.168.100.22 255.255.255.0 no ip route-cache

ip default-gateway 192.168.100.254 ip http server

ip access-list extended ip1

permit ip host 192.168.30.1 any ip access-list extended ip10

permit ip host 192.168.30.10 any ip access-list extended ip11

permit ip host 192.168.30.11 any ip access-list extended ip12

permit ip host 192.168.30.12 any ip access-list extended ip13

permit ip host 192.168.30.13 any ip access-list extended ip14

permit ip host 192.168.30.14 any ip access-list extended ip15

permit ip host 192.168.30.15 any ip access-list extended ip16

permit ip host 192.168.30.16 any ip access-list extended ip17

permit ip host 192.168.30.17 any ip access-list extended ip18

permit ip host 192.168.30.18 any ip access-list extended ip19

permit ip host 192.168.30.19 any ip access-list extended ip2

permit ip host 192.168.30.2 any ip access-list extended ip20

permit ip host 192.168.30.20 any ip access-list extended ip21

permit ip host 192.168.30.21 any ip access-list extended ip22

permit ip host 192.168.30.22 any

ip access-list extended ip23

permit ip host 192.168.30.23 any

ip access-list extended ip24

permit ip host 192.168.30.24 any

ip access-list extended ip3

permit ip host 192.168.30.3 any

ip access-list extended ip4

permit ip host 192.168.30.4 any

ip access-list extended ip5

permit ip host 192.168.30.5 any

ip access-list extended ip6

ip access-list extended ip5

permit ip host 192.168.30.5 any

ip access-list extended ip6

permit ip host 192.168.30.6 any

ip access-list extended ip7

permit ip host 192.168.30.7 any

ip access-list extended ip8

permit ip host 192.168.30.8 any

ip access-list extended ip9

permit ip host 192.168.30.9 any

snmp-server community private RO

line con 0

line vty 0 4

password !@#$%

line vty 5 15

password !@#$%

end

2950#

本文来自CSDN博客，转载请/xml634633445/archive/2010/04/04/5447999.aspx 标明处出：

第二篇：华为交换机IP+MAC+端口绑定

孙工：你好，下面是华为交换机绑定的做法，你可以按照下面的做下。IP+MAC+端口绑定：通过DHCP Snooping的静态绑定表来实现IP+MAC+端口绑定功能，先在VLAN下配置的静态绑定表，静态绑定表的IP和MAC为待绑定PC的IP和MAC。然后再与PC相连的交换机接口上配置IP和ARP报文检查功能。假设你在vlan 1上将IP地址192.168.0.2 MAC地址1-1-1的电脑和接口Ethernet0/0/24绑定<Quidway><Quidway>system-view[Quidway] dhcp snooping enable [Quidway] interface Ethernet 0/0/24 [Quidway-Ethernet0/0/24] port default vlan 1 [Quidway-Ethernet0/0/24] dhcp snooping check arp enable [Quidway-Ethernet0/0/24] dhcp snooping check ip enable [Quidway-Ethernet0/0/24] quit [Quidway] vlan 1 [Quidway-vlan1] dhcp snooping enable [Quidway-vlan1] dhcp snooping bind-table static ip-address 192.168.0.2 mac-address 1-1-1 interface Ethernet0/0/24华为的2300系列、3300系列、5300系列都支持。华三的我查了下，他们有几种绑定方式，我也不确定到底哪种可用，和华为的差不多。

更多相关推荐：

交换机端口类型介绍大全: 交换机端口类型介绍大全POEPOEPowerOverEthernet指的是在现有的以太网Cat5布线基础架构不作做何改动的情况下在为一些基于IP的终端如IP电话机无线局域网接入点AP网络摄像机等传输数据信号的同...
交换机端口认别及常用命令: 任务一交换机端口认别及常用命令一实验目的1熟悉普通二层交换机的外观2了解普通二层交换机各端口的名称和作用3了解交换机最基本的管理方式带外管理的方法二实验设备1二层交换机一台2PC机若干3Console线一根4直...
思科交换机端口配置: Cisco交换机配置新手篇之端口配置在IOS输入命令时只要缩写的程度不会引起混淆使用配置命令的时候都可以使用缩写的形式比如Switchgtenable在用户模式下以en开头的命令就只有enable所以可以缩写成...
交换机端口配置: 交换机端口配置交换机端口链路类型介绍交换机以太网端口共有三种链路类型AccessTrunk和Hybrid1Access类型的端口只能属于1个VLAN一般用于连接计算机的端口2Trunk类型的端口可以属于多个VL...
交换机端口的基本配置: 交换机端口的基本配置交换机端口的基本配置如下配置端口描述信息通过配置交换机的端口描述信息可以了解交换机端口的物理连接情况开启和关闭端口可以将交换机的一个或多个端口关闭开启配置端口通信方式数据通信方式有全双工半双...
交换机各个端口类型的概述: 来源网络首先将交换机的类型进行划分交换机分为低端SOHO级和高端企业级其两者的重要区别就是低端的交换机每一个物理端口为一个逻辑端口而高端交换机则是将多个物理端口捆绑成一个逻辑端口再进行的配置的cisco网络中交...
交换机端口的三种模式: 以太网端口三种链路类型详解一三种模式下不同的VLAN应用Access类型的端口只能属于1个VLAN一般用于连接计算机的端口Trunk类型的端口可以允许多个VLAN通过可以接收和发送多个VLAN的报文一般用于交换...

交换机端口的tag与untag: 交换机端口的tag与untag一般来说交换机的端口可以以tag的方式属于多个VLAN但只能以untag的方式属于一个VLANuntag的方式属于的那个VLAN称做端口的本征VLAN而以tag方式加入的那些VLA...

华为认证：华为交换机端口限速方法: 华为认证华为交换机端口限速方法000EI系列以上的交换机都可以限速限速不同的交换机限速的方式不一样20xxEI直接在端口视图下面输入LINERATE4参数可选端口限速配置1功能需求及组网说明端口限速配置配置环境...
华为交换机端口限速: 华为交换机端口限速20xxEI系列以上的交换机都可以限速限速不同的交换机限速的方式不一样20xxEI直接在端口视图下面输入LINERATE4参数可选端口限速配置1功能需求及组网说明端口限速配置配置环境参数1PC...
华为交换机端口限速: H3C交换机端口限速华为交换机端口限速20xxEI系列以上的交换机都可以限速限速不同的交换机限速的方式不一样20xxEI直接在端口视图下面输入LINERATE4参数可选端口限速配置1功能需求及组网说明端口限速配...
关于华为各种型号交换机端口镜像配置方法总结: 关于华为各种型号交换机端口镜像配置方法总结20xx年03月25日星期日上午0151一端口镜像概念PortMirror端口镜像是用于进行网络性能监测可以这样理解在端口A和端口B之间建立镜像关系这样通过端口A传输的...

热门关注