From: Elias Aggelidis (eaggel@xxxxxxxxxxx)
Date: Thu Apr 19 2001 - 20:54:48 GMT-3
`Dear All,
the ip permit is only for permiting telnet or snmp to the switch.
set ip permit
Use the set ip permit command to enable or disable the IP permit list and to
specify IP addresses to be added to the IP permit list.
set ip permit {enable | disable}
set ip permit {enable | disable} [telnet | snmp]
set ip permit ip_addr [mask] [telnet | snmp | all]
Syntax Description
enable
Keyword that specifies to enable the IP permit list.
disable
Keyword that specifies to disable the IP permit list.
telnet
(Optional) Telnet IP permit list.
snmp
(Optional) SNMP IP permit list.
ip_addr
IP address to be added to the IP permit list. An IP alias or host name that
can be resolved through DNS can also be used.
mask
(Optional) Subnet mask of the specified IP address.
all
(Optional) Keyword that specifies all entries in the IP permit list.
Default
The IP permit list is disabled.
Supported Platforms
Catalyst 5000 family switches
Catalyst 4000 family switches
Catalyst 2926G series switches
Catalyst 2948G switch
Catalyst 2980G switch
Command Type
Switch command.
Command Mode
Privileged.
Usage Guidelines
You can configure up to 100 entries in the permit list. If the IP permit
list is enabled, but the permit list has no entries configured, a caution
displays on the screen.
Make sure you enter the entire disable keyword when entering the set ip
permit disable command. If you abbreviate the keyword, the abbreviation is
interpreted as a host name to add to the IP permit list.
If the snmp, telnet, or all variable is not specified, the IP address is
added to both the SNMP and Telnet permit lists.
You enter the mask in dotted decimal format, for example, 255.255.0.0.
Examples
This example shows how to add an IP address to the IP permit list:
Console> (enable) set ip permit 192.168.255.255
192.168.255.255 added to IP permit list.
Console> (enable)
This example shows how to add an IP address using an IP alias or host name
to both the SNMP and Telnet permit lists:
Console> (enable) set ip permit batboy
batboy added to IP permit list.
Console> (enable)
This example shows how to add a subnet mask of the IP address to both the
SNMP and Telnet permit lists:
Console> (enable) set ip permit 192.168.255.255 255.255.192.0
192.168.255.255 with mask 255.255.192.0 added to IP permit list.
Console> (enable)
This example shows how to add an IP address to the Telnet IP permit list:
Console> (enable) set ip permit 172.16.0.0 255.255.0.0 telnet
172.16.0.0 with mask 255.255.0.0 added to telnet permit list.
Console> (enable)
This example shows how to add an IP address to the SNMP IP permit list:
Console> (enable) set ip permit 172.20.52.32 255.255.255.224 snmp
172.20.52.32 with mask 255.255.255.224 added to snmp permit list.
Console> (enable)
This example shows how to add an IP address to the all IP permit lists:
Console> (enable) set ip permit 172.20.52.3 all
172.20.52.3 added to IP permit list.
Console> (enable)
This example shows how to enable the IP permit list:
Console> (enable) set ip permit enable
IP permit list enabled.
Console> (enable)
This example shows how to disable the IP permit list:
Console> (enable) set ip permit disable
IP permit list disabled.
Console> (enable)
Related Commands
****************************************************************
Elias Aggelidis ALGOSYSTEMS SA
Senior Network Engineer 4, Sardeon Str
CCNA, CCNP Nea Smyrni
CVOICE, Security Specialised
PICA Administrator
Athens 17121
tel: +301-9310281 GREECE
fax: +301-9352873
email: eaggel@algo.com.gr
****************************************************************
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Padhu
(LFG)
Sent: ??5pt?, 19 ?p?????? 2001 7:47 55
To: 'Huang HaiBo'; Clifton Stewart
Cc: ccielab@groupstudy.com
Subject: RE: Catlyst 5000
I thought the set ip permit is for restricting who all can telnet to the
catalyst itself ..Can someone correct me if i am wrong ?
-----Original Message-----
From: Huang HaiBo [mailto:huanghb@mdcl.com.cn]
Sent: Thursday, April 19, 2001 4:12 AM
To: Clifton Stewart
Cc: ccielab@groupstudy.com
Subject: Re: Catlyst 5000
I don't think it is correct to use the set ip permit to bundle the ip
address to mac address.
In fact, this question mean is only the Laptop that have this mac address
and this ip address can access network through cat 5000.
hhb
----- Original Message -----
From: Clifton Stewart <cliftonlstewart@home.com>
To: Huang HaiBo <huanghb@mdcl.com.cn>; <ccielab@groupstudy.com>
Sent: Thursday, April 19, 2001 4:44 PM
Subject: Catlyst 5000
> Huang,
>
> Try setting the port security for the mac-address. This is actually useful
to prevent using from plugging hosts into incorrect VLANs, causing a
troubleshooting nightmare.
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/cmd_ref/
set_po_r.htm#16989
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/cmd_ref/
sh_a_c.htm#18219
>
> Then use the set ip permit command to specify a particular ip address.
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/cmd_ref/
set_f_l.htm#10190
>
>
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat5000/rel_5_4/cmd_ref/
sh_l_mi.htm#41202
>
> -Cliff
>
>
>
> Huang HaiBo wrote:
>
> > Hi,
> >
> > I have one question about the catalyst 5000:
> >
> > There is one port 2/10 in the catalyst 5000 as drop point, only let a
Laptop to use the drop, only permit MAC=00-12-34-56-78-22 and IP address
10.10.10.10 to access this drop point.
> >
> > I think Cat5000 is layer 2 equipment, how to make it to the lay3 ip
address?
> >
> > HHB
> > **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:29:52 GMT-3