中兴交换机ZXR10-2950如何做mac地址和ip绑定端口、关闭端口
中兴交换机ZXR10-2950如何做mac地址和ip绑定端口?
比如这里有一台主机,ip地址为:192.168.5.100 255.255.255.255 mac地址为:fc.3f.db.8c.ad.03 我要绑定到交换机的1口
方法一:
命令1是:
config ingress-acl hybrid number 301 //这里的number范围是{300~399}
rule 1 permit ip 192.168.5.100 255.255.255.255 any fc.3f.db.8c.ad.03 ff.ff.ff.ff.ff.ff any
rule 2 deny ip any any
如何关闭?
clear ingress-acl hybrid number 301
命令2是:
set port 1 acl mode port
set port 1 acl 301 enable
如何关闭?
set port 1 acl 301 disable
set port 1 disable
验证:
2950(cfg)#show acl con num 310
Acl No. : 310
Acl Name :
Acl Type : hybrid
Rule Number : 2
-----------------------------------------------------------------
RuleId : 1
TimeRange State : active
Filter : permit ip 192.168.5.100 255.255.255.255 any fc.3f.db.8c.ad.03 ff.ff.ff.ff.ff.ff any
RuleId : 2
TimeRange State : active
Filter : deny ip any any
方法二:
2950(cfg)#set port 1 security enable
2950(cfg)#set mac learning port 1 enable
上述2条命令功能一样,当learning先配,再配security可以执行,但先配security再配learning则会报错,不让执行。如果已经先配了learning enable,再配置security成功,想将learning disable也会报错,必须先将security disable,
2950(cfg)#set mac add permanent fc.3f.db.8c.ad.03 port 1 vlan 100
2950(cfg)#set mac delete permanent ?
<cr> 删除永久MAC地址,这里是整个表清除。这是缺点
2950(cfg)#set port 1 security disable
2950(cfg)#set mac learning port 1 disable
关闭端口:
端口号环路set loopdeltect port 端口号 enable|disable
关闭端口和开起端口set port 端口号 enable|disable
来源:https://blog.csdn.net/qq_36742166/article/details/114399157