IP-MAC binding methods on Cisco switch ports:
First, port-based MAC address binding.
For example, on a Cisco 2950 switch: log in to the switch, enter the administrative password to enter configuration mode, and type the commands:
Switch# configure terminal
# Enter configuration mode
Switch(config)# interface fastethernet 0/1
# Enter specific port configuration mode
Switch(config-if)# switchport port-security
# Configure port security mode
Switch(config-if)# switchport port-security mac-address MAC (MAC address of the host)
# Configure the MAC address of the host to which this port is bound.
Switch(config-if)# no switchport port-security mac-address MAC (MAC address of the host)
# Delete the MAC address of the bound host
Second, extended access lists based on MAC address.
Switch(config)# mac access-list extended MAC
# Define a MAC address access control list and name it MAC.
Switch(config)# permit host 0009.6bc4.d4bf any
# Define that a host with a MAC address of 0009.6bc4.d4bf can access any host.
Switch(config)# permit any host 0009.6bc4.d4bf
# Define that all hosts can access the host with the MAC address of 0009.6bc4.d4bf
Switch(config-if)# interface Fa0/20
# Enter the mode of configuring a specific port.
Switch(config-if)# mac access-group MAC in
# Apply an access list named MAC on this port (that is, the access policy we defined earlier).
Switch(config)# no mac access-list extended MAC
# Clear the access list named MAC
Third, binding an IP address to a MAC address.
IP-MAC binding is achieved only by combining method 1 or 2 above with an IP-based access control list.
Switch(config)# mac access-list extended MAC
# Define a MAC address access control list and name it MAC.
Switch(config)# permit host 0009.6bc4.d4bf any
# Define that a host with a MAC address of 0009.6bc4.d4bf can access any host.
Switch(config)# permit any host 0009.6bc4.d4bf
# Define that all hosts can access the host with the MAC address of 0009.6bc4.d4bf
Switch(config)# ip access-list extended IP
# Define an IP address access control list and name it IP.
Switch(config)# permit ip 192.168.0.1 0.0.0.0 any
# Define that a host with an IP address of 192.168.0.1 can access any host.
Switch(config)# permit ip any 192.168.0.1 0.0.0.0
# Define that all hosts can access the host with IP address 192.168.0.1.
Switch(config-if)# interface Fa0/20
# Enter the mode of configuring a specific port.
Switch(config-if)# mac access-group MAC in
# Apply an access list named MAC on this port (that is, the access policy we defined earlier).
Switch(config-if)# ip access-group IP in
# Apply an access list named IP on this port (that is, the access policy we defined earlier).
Switch(config)# no mac access-list extended MAC
# Clear the access list named MAC
Switch(config)# no ip access-group IP in
# Clear the access list named IP
On Cisco switches, to prevent IP addresses from being stolen or changed by employees, the following measures can be taken: binding the IP to a MAC address and binding the IP to a switch port.
First, find the port from the IP.
Look up the MAC address first, then look up the port by MAC address (show mac-address-table without a filter lists the table for all ports):
Bangong-building-3# show arp | include 208.41
Internet 10.138.208.41 4 0006.1bde.3de9 ARPA Vlan10
Bangong-building-3# show mac-add | in 0006.1bde
10 0006.1bde.3de9 DYNAMIC Fa0/17
Bangong-building-3# exit
Second, binding the IP to a MAC address. This binding is a simple and effective way to prevent an IP from being stolen. If someone else changes their IP to the IP you have bound to a MAC address, their network connection will not work
(TCP/UDP traffic fails, but NetBIOS networking can still be accessed). The specific method is as follows:
Cisco(config)# arp 10.138.208.81 0000.e268.9980 arpa
This binds 10.138.208.81 to MAC 0000.e268.9980.
Third, binding the IP to a switch port. A port bound this way can only use this IP, and the network is disconnected immediately after switching to another IP. This effectively prevents IP abuse.
Cisco(config)# interface FastEthernet0/17
Cisco(config-if)# ip access-group 6 in
Cisco(config)# access-list 6 permit 10.138.208.81
With this, the FastEthernet0/17 port of the switch is bound to IP 10.138.208.81.
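The lookup described above (IP to MAC through show arp, then MAC to port through the MAC address table) can be scripted to audit the intended bindings. This is an added example, not part of the original page: the sample output is constructed, and the EXPECTED table, its port assignments for .81 and .90, and the function names are assumptions.

```python
import re

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\d+(?:\.\d+){{3}})\s+\S+\s+({MAC})\s+ARPA", re.M)
CAM_RE = re.compile(rf"^\s*\d+\s+({MAC})\s+\S+\s+(\S+)\s*$", re.M)

# Constructed sample output (not captured from a real device).
SHOW_ARP = """\
Internet  10.138.208.41   4   0006.1bde.3de9  ARPA  Vlan10
Internet  10.138.208.81   2   0011.2233.4455  ARPA  Vlan10
Internet  10.138.208.90   7   0000.5e00.5390  ARPA  Vlan10
"""
SHOW_CAM = """\
  10    0006.1bde.3de9    DYNAMIC     Fa0/17
  10    0011.2233.4455    DYNAMIC     Fa0/20
  10    0000.5e00.5390    DYNAMIC     Fa0/21
"""
# Intended bindings: IP -> (MAC, port). Ports for .81 and .90 are assumptions.
EXPECTED = {
    "10.138.208.41": ("0006.1bde.3de9", "Fa0/17"),
    "10.138.208.81": ("0000.e268.9980", "Fa0/18"),
    "10.138.208.90": ("0000.5e00.5390", "Fa0/19"),
}

def parse_arp(text):
    """Map IP -> MAC from `show arp` output; incomplete entries are skipped."""
    return {ip: mac.lower() for ip, mac in ARP_RE.findall(text)}

def parse_cam(text):
    """Map MAC -> port from `show mac-address-table` output."""
    return {mac.lower(): port for mac, port in CAM_RE.findall(text)}

def audit(arp_text, cam_text, expected):
    """Return (ip, problem, seen_mac, seen_port) for each binding violation."""
    arp, cam = parse_arp(arp_text), parse_cam(cam_text)
    findings = []
    for ip, (want_mac, want_port) in sorted(expected.items()):
        seen_mac = arp.get(ip)
        if seen_mac is None:
            continue  # host not in the ARP table, nothing to compare
        seen_port = cam.get(seen_mac)  # None if the MAC has aged out
        if seen_mac != want_mac.lower():
            findings.append((ip, "mac-mismatch", seen_mac, seen_port))
        elif seen_port != want_port:
            findings.append((ip, "port-mismatch", seen_mac, seen_port))
    return findings

if __name__ == "__main__":
    print(audit(SHOW_ARP, SHOW_CAM, EXPECTED))
```

A mac-mismatch means the bound IP is answering from a different host, and the reported port is where to look for it.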