Cisco in the following three options, Option 1 and Option 2 is the same as the function of the realization, that is, the specific binding of the switch port on the host-specific MAC address (network card hardware address), Option 3 is the specific At the same time, the switch port on the host-specific binding of the MAC address (network card hardware address) and IP address.

1. Option 1 - Based on the port MAC address binding

& nbs p; Cisco 2950 switch as an example, log into the switch, enter the management password to enter the configuration mode, key in the command:
Switch # config terminal
# To enter the configuration mode
Switch (config) # Interface fastethernet 0 / 1
# To enter the specific port configuration mode
Switch (config-if) # Switchport port-secruity
# Configure port security mode
Switch (config-if) switchport port-security mac-address MAC (the MAC address of host)
# Configure the port to bind the MAC address of the host
Switch (config-if) no switchport port-security mac-address MAC (the MAC address of host)
# Delete the MAC address of the host-binding

Note:
The above command sets switch port to bind to a specific MAC address, so that only the host can use the network, if the host had a replacement card or other PC-like network through the use of this port is not available, unless the deletion or modify the port MAC address binding to normal use.
The above features apply to Cisco 2950,3550,4500,6500 Series switches

2. Option 2 - based on the expansion of MAC address access list

Switch (config) Mac access-list extended MAC10
# Define a MAC address access control list and the list named named MAC10
Switch (config) permit host 0009.6bc4.d4bf any
# Define MAC address of the host 0009.6bc4.d4bf be able to access any host
Switch (config) permit any host 0009.6bc4.d4bf
# Define all hosts can access the MAC address of the host 0009.6bc4.d4bf
Switch (config-if) interface Fa0/20
# To enter the specific port configuration mode
Switch (config-if) mac access-group MAC10 in
# In the application of port access list, called the MAC10 (ie in front of our definition of access policies)
Switch (config) no mac access-list extended MAC10
# Clear the access list named MAC10

This feature and application of a similar, but it is done based on the port MAC address access control list restrictions can limit the specific source MAC address and destination address range.

Note:
The above function 2950,3550,4500,6500 series Cisco switch can be achieved, but that needs attention is the need for switches 2950,3550 running the enhanced software image (Enhanced Image).

3. Program 3 - IP address MAC address binding

Applications can only be 1 or 2 and IP-based access control list to use to achieve the combination of IP-MAC binding function.
Switch (config) Mac access-list extended MAC10
# Define a MAC address access control list and the list named named MAC10
Switch (config) permit host 0009.6bc4.d4bf any
# Define MAC address of the host 0009.6bc4.d4bf be able to access any host
Switch (config) permit any host 0009.6bc4.d4bf
# Define all hosts can access the MAC address of the host 0009.6bc4.d4bf
Switch (config) Ip access-list extended IP10
# Define an IP address access control list and the list name called IP10
Switch (config) Permit 192.168.0.1 0.0.0.0 any
# Define IP address is 192.168.0.1 host can access any host
Permit any 192.168.0.1 0.0.0.0
# Define all hosts can access the IP address is 192.168.0.1 host
Switch (config-if) interface Fa0/20
# To enter the specific port configuration mode
Switch (config-if) mac access-group MAC10 in
# In the application of port access list, called the MAC10 (ie in front of our definition of access policies)
Switch (config-if) Ip access-group IP10 in
# Applications in the port of the access list named IP10 (ie in front of our definition of access policies)
Switch (config) no mac access-list extended MAC10
# Clear the access list named MAC10
Switch (config) no Ip access-group IP10 in
# Clear the access list named IP10

Application of the above mentioned is a host-based switch port MAC address binding, Option 2 is based on the MAC address access control lists, the former two options can achieve the same general function. If you want to do IP and MAC address binding can only be achieved in accordance with Option 3, the demand will be in accordance with Option 1 or Option 2 with the IP access control list to combine the use of in order to achieve their desired effect.
Note:
The above function 2950,3550,4500,6500 series Cisco switch can be achieved, but that needs attention is the need for switches 2950,3550 running the enhanced software image (Enhanced Image).