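4.2.14.1 For ports directly connected to computers, and for unused ports, add the following configuration:
IOS Switch(conf-if)#;
switchport port-security (enable port security);
switchport port-security maximum 2 (limit the maximum number of MAC addresses allowed through the port);
switchport port-security aging time 1 (MAC address aging time);
switchport port-security violation restrict (action taken when the allowed MAC address limit is exceeded);
udld port (unidirectional link detection);
spanning-tree bpduguard enable (prevent unauthorized devices from connecting);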
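An added example, not part of the original standard: a Python check that reads running-config text and reports each access port missing any of the interface lines listed above. Matching only Ethernet interfaces, treating trunk ports as out of scope, and the sample configuration are assumptions made for this example.

```python
import re
# Interface lines required by the baseline above, exactly as written there.
REQUIRED = [
    "switchport port-security",
    "switchport port-security maximum 2",
    "switchport port-security aging time 1",
    "switchport port-security violation restrict",
    "udld port",
    "spanning-tree bpduguard enable",
]

def parse_interfaces(config):
    """Map each Ethernet interface to the set of its sub-commands."""
    blocks, current = {}, None
    for line in config.splitlines():
        m = re.match(r"^interface\s+(\S*Ethernet\S+)", line)
        if m:
            current = m.group(1)
            blocks[current] = set()
        elif current and line.startswith(" "):
            blocks[current].add(" ".join(line.split()))
        else:
            current = None  # "!", SVIs and global commands end the block
    return blocks

def audit(config):
    """Return {interface: [missing baseline lines]} for non-trunk ports."""
    findings = {}
    for name, cmds in parse_interfaces(config).items():
        if "switchport mode trunk" in cmds:
            continue  # assumption: trunk uplinks are outside this baseline
        missing = [r for r in REQUIRED if r not in cmds]
        if missing:
            findings[name] = missing
    return findings

# Constructed running-config excerpt, not taken from a real device.
SAMPLE = "\n".join(
    ["interface GigabitEthernet0/1", " switchport mode access"]
    + [" " + r for r in REQUIRED]
    + ["!", "interface GigabitEthernet0/2", " switchport port-security",
       " switchport port-security maximum 5", " spanning-tree bpduguard enable",
       "!", "interface GigabitEthernet0/24", " switchport mode trunk",
       "!", "interface Vlan1", " no ip address"]
)

if __name__ == "__main__":
    for port, missing in audit(SAMPLE).items():
        print(port, "is missing:", "; ".join(missing))
```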
▲(config)#aaa new-model;
▲(config)#aaa authentication login default group tacacs+ local;
▲(config)#aaa authentication login console line enable;
▲(config)#aaa authorization exec default group tacacs+ local;
▲(config)#aaa accounting exec default start-stop group tacacs+;
▲(config)#aaa accounting commands 15 default start-stop group tacacs+;
▲(config)#aaa accounting network default start-stop group tacacs+;
▲(config)#aaa accounting connection default start-stop group tacacs+;
▲(config)#tacacs-server host 10.191.133.18;
▲(config)#tacacs-server host 10.191.133.19;
▲(config)#tacacs-server key 191;
▲(config)#ip tacacs source-interface vlan 1;
spanning-tree mode {mst | pvst | rapid-pvst}