博威---云架构决胜云计算

 找回密码
 注册

QQ登录

只需一步,快速开始

搜索
查看: 1569|回复: 0

于交换机上的mac地址接入的限制

[复制链接]
发表于 2008-10-13 22:06:47 | 显示全部楼层 |阅读模式
于交换机上的mac地址接入的限制

遇到一个项目,客户要求根据mac地址来限制pc在各个楼层之间的移动,单本楼层允许pc在任何交换机端口登陆,配置如下
原理很简单,利用mac list限制mac,再应用与vlan接口,2950都能实现
------------------ show running-config ------------------


Building configuration...

Current configuration : 6540 bytes
!
! Last configuration change at 17:18:57 UTC Thu Jan 18 2007
! NVRAM config last updated at 17:19:18 UTC Thu Jan 18 2007
!
version 12.2
no service pad
service timestamps debug uptime
service timestamps log datetime localtime
no service password-encryption
!
hostname 12F-3560-switch
!
enable secret 5 <removed>
!
no aaa new-model
ip subnet-zero
!
!
!
!
no file verify auto
!
mac access-list extended F12-mac-permit
permit host 0000.3920.368b any
permit host 0016.d323.cf9e any
permit host 000d.6013.2869 any
permit host 0080.c88f.71d3 any
permit host 0016.d323.cef4 any
permit host 0016.d323.d00e any
permit host 0016.d322.f959 any
permit host 0016.d32a.f9f0 any
permit host 0016.d323.cf6a any
permit host 000f.1faa.c376 any
permit host 0016.d323.d22e any
permit host 0016.d323.d151 any
permit host 0016.d322.f98e any
permit host 0016.d322.700f any
permit host 0016.d322.ff39 any
permit host 0250.f23d.0001 any
permit host 0016.d323.d160 any
permit host 0016.d330.0d94 any
permit host 0007.95b4.f964 any
permit host 0008.02d6.fd4c any
permit host 0016.d323.d235 any
permit host 0016.d32a.f96b any
permit host 0016.d323.cead any
permit host 0016.d322.fbb2 any
permit host 000d.6089.e145 any
permit host 0016.d322.9ac1 any
permit host 0016.d323.65f9 any
permit host 0016.d323.6b8e any
permit host 0016.d32d.c831 any
permit host 0016.d323.d153 any
permit host 0016.d325.12ed any
permit host 000d.6033.5eeb any
spanning-tree mode pvst
spanning-tree extend system-id
!
vlan internal allocation policy ascending
!
interface GigabitEthernet0/1
description to-yangguan
switchport access vlan 99
!
interface GigabitEthernet0/2
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/3
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/4
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/5
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/6
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/7
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/8
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/9
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/10
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/11
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/12
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/13
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/14
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/15
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/16
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/17
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/18
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/19
description to-
switchport access vlan 99
!
interface GigabitEthernet0/20
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/21
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/22
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/23
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/24
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/25
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/26
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/27
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/28
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/29
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/30
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/31
description to-tanzhi
switchport access vlan 99
!
interface GigabitEthernet0/32
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/33
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/34
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/35
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/36
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/37
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/38
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/39
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/40
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/41
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/42
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/43
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/44
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/45
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/46
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/47
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/48
switchport access vlan 110
mac access-group F12-mac-permit in
!
interface GigabitEthernet0/49
switchport trunk encapsulation isl
switchport mode trunk
!
interface GigabitEthernet0/50
!
interface GigabitEthernet0/51
!
interface GigabitEthernet0/52
!
interface Vlan1
no ip address
!
interface Vlan99
no ip address
!
interface Vlan110
ip address 10.168.23.98 255.255.255.0
!
ip classless
ip http server
!
!
control-plane
!
!
line con 0
line vty 0 4
password <removed>
login
line vty 5 15
no login
!
end
您需要登录后才可以回帖 登录 | 注册

本版积分规则

小黑屋|手机版|Archiver|boway Inc. ( 冀ICP备10011147号 )

GMT+8, 2024-11-24 04:42 , Processed in 0.092737 second(s), 17 queries .

Powered by Discuz! X3.4

Copyright © 2001-2021, Tencent Cloud.

快速回复 返回顶部 返回列表