Specifications
4.11.4 CLI Commands of the Security
Command Lines of the Security configuration
Feature                 Command Line
Port Security
Add MAC                 Switch(config)# mac-address-table static 0012.7701.0101 vlan 1 interface fa1
                        mac-address-table unicast static set ok!
Port Security           Switch(config)# interface fa1
                        Switch(config-if)# switchport port-security
                        Disables new MAC addresses learning and aging activities!
                        Note: Rule: Add the static MAC, VLAN and Port binding first, then enable
                        the port security to stop new MAC learning.
Disable Port Security   Switch(config-if)# no switchport port-security
                        Enable new MAC addresses learning and aging activities!
Display                 Switch# show mac-address-table static
                        Destination Address  Address Type  Vlan  Destination Port
                        -------------------  ------------  ----  ----------------
                        0012.7701.0101       Static        1     fa1
IP Security
IP Security             Switch(config)# ip security
                        Set ip security enable ok.
                        Switch(config)# ip security host 192.168.2.200
                        Add ip security host 192.168.2.200 ok.
Display                 Switch# show ip security
                        ip security is enabled
                        ip security host:
                        192.168.2.200
802.1x
enable                  Switch(config)# dot1x system-auth-control
                        Switch(config)#
disable                 Switch(config)# no dot1x system-auth-control
                        Switch(config)#
authentic-method        Switch(config)# dot1x authentic-method
                        local   Use the local username database for authentication
                        radius  Use the Remote Authentication Dial-In User Service
                                (RADIUS) servers for authentication
                        Switch(config)# dot1x authentic-method radius
                        Switch(config)#
radius server-ip        Switch(config)# dot1x radius
                        Switch(config)# dot1x radius server-ip 192.168.2.200 key 1234
                        RADIUS Server Port number NOT given. (default=1812)
                        RADIUS Accounting Port number NOT given. (default=1813)
                        RADIUS Server IP: 192.168.2.200
                        RADIUS Server Key: 1234
                        RADIUS Server Port: 1812
                        RADIUS Accounting Port: 1813
                        Switch(config)#
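The ordering rule in the Port Security note (add the static MAC, VLAN and port binding first, then enable port security) can be checked against a planned command sequence before it is entered on the switch. The Python sketch below is an added example, not part of the original manual; the function name and the sample command lists are constructed for illustration, and it assumes commands are written out in full as they appear in the table above.

```python
import re

# Strips a leading prompt such as "Switch(config-if)#" if one is present.
PROMPT = re.compile(r"^\S+[#>]\s*")
# Static binding command as shown in the "Add MAC" row of the table.
STATIC = re.compile(
    r"^mac-address-table static (\S+) vlan (\d+) interface (\S+)$", re.I)

def check_port_security_order(lines):
    """Return findings for ports locked before a static MAC binding exists."""
    bound = {}      # interface -> list of (mac, vlan) bindings seen so far
    current = None  # interface selected by the most recent "interface" command
    findings = []
    for n, raw in enumerate(lines, 1):
        cmd = " ".join(PROMPT.sub("", raw.strip()).split())
        m = STATIC.match(cmd)
        if m:
            mac, vlan, port = m.group(1), int(m.group(2)), m.group(3).lower()
            bound.setdefault(port, []).append((mac, vlan))
        elif cmd.lower().startswith("interface "):
            current = cmd.split()[1].lower()
        elif cmd.lower() == "switchport port-security":
            if current is None:
                findings.append(f"line {n}: port security enabled with no interface selected")
            elif not bound.get(current):
                # Learning stops here, so a port with no binding has no permitted MAC.
                findings.append(f"line {n}: {current} locked with no static MAC binding")
    return findings

# Constructed sample: the sequence from the table, binding first.
GOOD = [
    "Switch(config)# mac-address-table static 0012.7701.0101 vlan 1 interface fa1",
    "Switch(config)# interface fa1",
    "Switch(config-if)# switchport port-security",
]
# Constructed sample: port security enabled before the binding is added.
BAD = [
    "interface fa2",
    "switchport port-security",
    "mac-address-table static 0012.7701.0102 vlan 1 interface fa2",
]

if __name__ == "__main__":
    for name, seq in (("GOOD", GOOD), ("BAD", BAD)):
        print(name, check_port_security_order(seq) or "ok")
```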