From: Jeff K. (jeffbk@xxxxxxxxxxxxx)
Date: Wed May 30 2001 - 09:05:01 GMT-3
Your 5002 will not be able to allow a certain IP address on a certain port.
It can only deal with permitting certain MAC addresses. You can use port
security to allow only that MAC address on a certain port or use VMPS to
dynamically assign that MAC address to a certain VLAN. With VMPS you have
different modes -- you can have a port shutdown or get assigned to an
'empty' VLAN if an unknown MAC address tries to connect. The only IP
permitting is with the 'set IP permit' statement, but this only works for
telnet and SNMP. This is a Multi-Layer switch -- the closest it gets to
even being aware of any Layer 3 address is when you enable multi-layer
switching, but this is only so the switch can do shortcut-switching (rewrite
the packets using its ASICs so this gets off-loaded from your router) for
inter-VLAN communications.
HTH,
-Jeff
----- Original Message -----
From: "cao lingwei" <caolw@fosco.com.cn>
To: <ccielab@groupstudy.com>
Sent: Wednesday, May 30, 2001 3:42 AM
Subject: about switch security
> In my pratice lab:
> config Catalyst 5002's port 2/21 security
> only permit ip address 1.1.1.1 and mac address
> 0001.0001.0001 can connect this switch.
> How does it?
> What does ip address control in switch?
> **Please read:http://www.groupstudy.com/list/posting.html
**Please read:http://www.groupstudy.com/list/posting.html
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:30:57 GMT-3