184 Chapter 4: Bridges/Switches and LAN Design
An example is particularly useful for understanding the concept; the configuration is very
straightforward. Consider Figure 4-27, which shows a similar configuration to Figure 4-26,
except that the finance department has increased to three employees. These three employees are
on the same shared hub, which is then cabled to switch port 0/1.
Figure 4-27 Sample Network with Port Security
Port security can be used to restrict port 0/1 so that only three MAC addresses can source frames
that enter port 0/1, because only the finance department is expected to use the shared
hub. Any permanent or restricted-static MAC addresses count against this total of three.
Example 4-6 shows a sample configuration, with show commands:
Example 4-6 Port Security Example
wg_sw_a(config)#mac-address-table permanent 0200.2222.2222 ethernet 0/3
wg_sw_a(config)#mac-address-table permanent 0200.4444.4444 ethernet 0/1
wg_sw_a(config)#mac-address-table restricted static 0200.1111.1111 e0/4 e0/1
wg_sw_a(config)#interface ethernet 0/1
wg_sw_a(config-if)#port secure max-mac-count 3
wg_sw_a(config-if)#End
wg_sw_a#
wg_sw_a#sh mac-address-table
Number of permanent addresses : 2
Number of restricted static addresses : 1
Number of dynamic addresses : 6
Address Dest Interface Type Source Interface List
----------------------------------------------------------------------
0200.4444.4444 Ethernet 0/1 Permanent All
0200.5555.5555 Ethernet 0/1 Dynamic All
0200.6666.6666 Ethernet 0/1 Dynamic All
00E0.1E5D.AE2F Ethernet 0/2 Dynamic All
0200.2222.2222 Ethernet 0/3 Permanent All
0200.1111.1111 Ethernet 0/4 Static Et0/1
00D0.588F.B604 FastEthernet 0/26 Dynamic All
00E0.1E5D.AE2B FastEthernet 0/26 Dynamic All
00D0.5892.38C4 FastEthernet 0/27 Dynamic All
[Figure 4-27 labels: Company Comptroller (0200.4444.4444), Payroll Clerk (0200.5555.5555) and Receivables Clerk (0200.6666.6666) on the shared hub; switch ports E0/1, E0/2, E0/3 and E0/4; Payroll Server.]
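An audit of the Example 4-6 output, added here as an illustration and not taken from the book: it parses the show mac-address-table rows, counts the addresses on a secured port against its max-mac-count, and flags any address missing from an inventory. The function names and the FINANCE_MACS inventory (built from the Figure 4-27 labels) are assumptions.

```python
import re
from collections import defaultdict

# Rows from the show mac-address-table output in Example 4-6.
SHOW_OUTPUT = """\
0200.4444.4444 Ethernet 0/1 Permanent All
0200.5555.5555 Ethernet 0/1 Dynamic All
0200.6666.6666 Ethernet 0/1 Dynamic All
00E0.1E5D.AE2F Ethernet 0/2 Dynamic All
0200.2222.2222 Ethernet 0/3 Permanent All
0200.1111.1111 Ethernet 0/4 Static Et0/1
00D0.588F.B604 FastEthernet 0/26 Dynamic All
00E0.1E5D.AE2B FastEthernet 0/26 Dynamic All
00D0.5892.38C4 FastEthernet 0/27 Dynamic All
"""

# Assumption: MAC inventory for the finance hub, taken from Figure 4-27's labels.
FINANCE_MACS = {"0200.4444.4444", "0200.5555.5555", "0200.6666.6666"}

ROW = re.compile(
    r"^(?P<mac>(?:[0-9A-Fa-f]{4}\.){2}[0-9A-Fa-f]{4})\s+"
    r"(?P<port>(?:Fast)?Ethernet \d+/\d+)\s+"
    r"(?P<type>Permanent|Dynamic|Static)\s+(?P<src>\S+)$"
)

def parse_table(text):
    """Return {dest_port: [(mac, type), ...]}; non-table lines are skipped."""
    ports = defaultdict(list)
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            ports[m["port"]].append((m["mac"].lower(), m["type"]))
    return dict(ports)

def audit_port(ports, port, max_mac_count, expected):
    """Check one secured port against its limit and its MAC inventory."""
    entries = ports.get(port, [])
    seen = {mac for mac, _ in entries}
    allowed = {mac.lower() for mac in expected}
    return {
        "used": len(seen),
        "remaining": max(max_mac_count - len(seen), 0),
        "over_limit": len(seen) > max_mac_count,
        "dynamic": sorted(mac for mac, kind in entries if kind == "Dynamic"),
        "unexpected": sorted(seen - allowed),
    }

if __name__ == "__main__":
    print(audit_port(parse_table(SHOW_OUTPUT), "Ethernet 0/1", 3, FINANCE_MACS))
```

For port 0/1 the audit reports all three slots used with none remaining: one permanent entry plus two dynamically learned ones.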