Recently, many readers have asked the author how to defend against ARP-spoofing worms, and the author has previously written several pieces on cleaning them up from different angles. Whichever angle you take, the most important thing is to cut the infected host off in time at the switch or router port it connects through, removing its normal network access and so containing the spread. Knowing how to shut down a switch port, or how to selectively filter frames on it, is therefore the key skill. Today we continue with a practical example of MAC-address-based access control.
1. Shutting down the switch port directly
Generally speaking, the simplest and most direct method is to shut down the switch port so that the infected host can no longer reach the network. That includes physically unplugging the cable or powering off the cascaded (downstream) switch, but the most common way is to close the port logically from the command line. The commands are as follows.
Step 1: Log in to the switch or router management interface with a valid administrator account and password.
Step 2: Enter the port with the interface (int) command.
Step 3: Close the port with the shutdown command.
The port is now administratively down, exactly as if we had pulled the cable out of it. The virus-infected computer behind that port can no longer reach the network and so can no longer ARP-spoof the other hosts on the same segment.
2. Managing the port with MAC-address-based access control
However, simply shutting the port down with the shutdown command has drawbacks. If several devices sit behind the port (for example a downstream switch), shutting it down cuts all of them off: it "would rather block a hundred than miss one". Is there a way to logically block only the problem host while the other hosts behind the same port carry on unaffected? Yes, and that is the subject of this article: managing the port with MAC-address-based access control.
Step 1: Assume the infected computer's MAC address is 5078.4c68.8e34. Log in to the switch with a valid administrator account and password.
Step 2: Enter configuration mode with config t, then look at which MAC addresses have been learned on which ports with the show mac address-table command (older IOS spells it show mac-address-table; from configuration mode it must be prefixed with do). The output shows that 5078.4c68.8e34 was learned on port Gi1/2/1. (Figure 1)
Step 3: Enter the port with int gi1/2/1. Because this gigabit port connects to another switch rather than to a single host, running shutdown on it would cut off every host behind that downstream device. This is where MAC-address-based access control is needed.
Step 4: Use the exit command to return to global configuration mode and create a MAC access list named bingdu with mac access-list ext bingdu. (Figure 2)
Step 5: Inside the bingdu access list, add the filtering rules. First, deny host 5078.4c68.8e34 any blocks every frame whose source MAC address is 5078.4c68.8e34 from passing through the port. Then you must also add permit any any. On a Cisco device every access control list ends with an implicit deny of everything it did not match, so without the explicit permit the list would block all hosts on the port, not only the infected one. Forgetting this is a common mistake. (Figure 3)
Once the list is applied to the port (on IOS, mac access-group bingdu in under interface gi1/2/1), these two rules let frames from every other MAC address pass through the port while the infected host with MAC address 5078.4c68.8e34 is cut off from the network. Two caveats: the rule matches the source MAC only, so a host that changes its MAC address has to be looked up and blocked again; and on some Catalyst platforms a MAC ACL applied with mac access-group filters only non-IP frames. ARP is not IP, so the spoofing itself is still stopped, but IP traffic from the host may still pass, so check the documentation for your platform.
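The procedure above (find the port that learned the suspect MAC, then choose between shutting the port and filtering one source MAC) is mechanical enough to script. The following is an added example, not code from the original article: it parses the text of show mac address-table, locates the suspect MAC, counts the other MACs learned on the same port, and emits either a shutdown or the bingdu-style MAC ACL plus the mac access-group application. The MAC table below is constructed sample data, the port names and the second MAC addresses are made up, and the IOS command syntax is assumed to match what the article uses.

```python
"""Choose how to isolate an ARP-spoofing host on a Cisco IOS switch.

Added example. Given the text of `show mac address-table`, find the port
that learned the suspect MAC, then generate either a `shutdown` (the port
serves only that host) or a source-MAC ACL (the port is a shared uplink,
so other hosts must keep working). Sample data is constructed.
"""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample of `show mac address-table` output in IOS format.
# Gi1/2/1 is an uplink to a downstream switch (three MACs learned on it);
# Gi1/0/5 serves a single host. Addresses other than the article's are made up.
SAMPLE_MAC_TABLE = """\
          Mac Address Table
-------------------------------------------

Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  10    5078.4c68.8e34    DYNAMIC     Gi1/2/1
  10    0011.2233.4455    DYNAMIC     Gi1/2/1
  10    0011.2233.4466    DYNAMIC     Gi1/2/1
  10    00aa.bbcc.dd01    DYNAMIC     Gi1/0/5
Total Mac Addresses for this criterion: 4
"""

# One table row: vlan, dotted MAC, learn type, port. Headers and totals do not match.
MAC_ROW = re.compile(
    r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+(\S+)\s+(\S+)\s*$", re.I
)


@dataclass(frozen=True)
class MacEntry:
    vlan: int
    mac: str   # IOS dotted form, lower case
    port: str


def normalize_mac(mac: str) -> str:
    """Accept 50:78:4C:68:8E:34, 50-78-4c-..., or 5078.4c68.8e34; return IOS dotted form."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))


def parse_mac_table(text: str) -> list[MacEntry]:
    """Extract (vlan, mac, port) rows from `show mac address-table` text."""
    entries = []
    for line in text.splitlines():
        m = MAC_ROW.match(line)
        if m:
            entries.append(MacEntry(int(m.group(1)), m.group(2).lower(), m.group(4)))
    return entries


def containment_commands(entries: list[MacEntry], suspect_mac: str,
                         acl_name: str = "bingdu") -> list[str]:
    """Return the IOS commands that cut off `suspect_mac` with the least collateral damage."""
    suspect = normalize_mac(suspect_mac)
    hits = [e for e in entries if e.mac == suspect]
    if not hits:
        # Aged-out entry or wrong switch: do not guess a port.
        raise LookupError(f"{suspect} is not in the MAC table; it may be idle or on another switch")
    port = hits[0].port
    neighbours = {e.mac for e in entries if e.port == port} - {suspect}

    cmds = ["configure terminal"]
    if not neighbours:
        # Only the infected host hangs off this port: pulling the port is the cleanest cut.
        cmds += [f"interface {port}", " shutdown", " exit"]
    else:
        # Other hosts share the port (downstream switch): drop only frames sourced
        # from the suspect. The explicit `permit any any` is essential, because an
        # IOS access list ends with an implicit deny of everything unmatched.
        cmds += [
            f"mac access-list extended {acl_name}",
            f" deny host {suspect} any",
            " permit any any",
            " exit",
            f"interface {port}",
            f" mac access-group {acl_name} in",
            " exit",
        ]
    cmds.append("end")
    return cmds


if __name__ == "__main__":
    table = parse_mac_table(SAMPLE_MAC_TABLE)
    for mac in ("50:78:4c:68:8e:34", "00aa.bbcc.dd01"):
        print(f"--- containment for {mac}")
        print("\n".join(containment_commands(table, mac)))
```

Run against the sample, the article's host 5078.4c68.8e34 is found on the shared port Gi1/2/1 and gets the two-rule MAC ACL, while the lone host on Gi1/0/5 simply gets its port shut down. The generated lines are meant to be pasted into the switch console after review, not pushed blindly; in particular, confirm that the port really is a downstream switch before trusting the "shared port" heuristic, since a hub or a host with virtual machines also shows several MACs on one port.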
3. Summary
Switches and routers are in fact very flexible tools. With the various kinds of access control list we can achieve a great deal with little effort, and there is usually more than one way to solve a problem. These techniques have to be accumulated and learned in day-to-day operation and maintenance.