Re: Catalyst 5000 Port Security

From: ajitmohanraj (ajitmohanraj@xxxxxxxx)
Date: Tue Jul 23 2002 - 03:00:04 GMT-3


   
Could you not work something out with the VMPS database, specifically
under the VLAN port policies (as indicated towards the end of this sample
file, for example)? I think that would answer the question sought.

Regards
Ajit

VMPS Database Configuration File Example
This example shows a sample VMPS database configuration file. A VMPS
database configuration file is an ASCII text file that is stored on a TFTP
server accessible to the switch that functions as the VMPS server.

!vmps domain <domain-name>
! The VMPS domain must be defined.
!vmps mode { open | secure }
! The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
!
! The default value is allow.
vmps domain WBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
!
!MAC Addresses
!
vmps-mac-addrs
!
! address <addr> vlan-name <vlan_name>
!
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
!
!Port Groups
!
!vmps-port-group <group-name>
! device <device-id> { port <port-name> | all-ports }
!
vmps-port-group WiringCloset1
 device 198.92.30.32 port 3/2
 device 172.20.26.141 port 2/8
vmps-port-group "Executive Row"
 device 198.4.254.222 port 1/2
 device 198.4.254.222 port 1/3
 device 198.4.254.223 all-ports
!
!
!VLAN groups
!
!vmps-vlan-group <group-name>
! vlan-name <vlan-name>
!
vmps-vlan-group Engineering
 vlan-name hardware
 vlan-name software
!
!
!VLAN port Policies
!
!vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
! { port-group <group-name> | device <device-id> port <port-name> }
!
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Green
 device 198.92.30.32 port 4/8
vmps-port-policies vlan-name Purple
 device 198.4.254.22 port 1/2
 port-group "Executive Row"

----- Original Message -----
From: "Johnny Peterson" <johnny@virtualrack.net>
To: <ccielab@groupstudy.com>
Sent: Tuesday, July 23, 2002 7:16 AM
Subject: RE: Catalyst 5000 Port Security

> Port security on the Cat 5000/5500 series is restricted to Layer 2, which
> means you will only be able to restrict by MAC address.
>
> Regards,
> JP
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> alex fayn
> Sent: Monday, July 22, 2002 7:50 PM
> To: ccielab@groupstudy.com
> Subject: Catalyst 5000 Port Security
>
>
> Is it possible to restrict catalyst ports to specific ip addresses in
> addition to specific MAC addresses?
>
> Thanks
>
>
>


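Added example, not part of the original message and not Cisco's code: a small parser for the VMPS database format quoted above, with a lookup that shows how the port policies confine a MAC address's VLAN to specific switch ports. The names parse and lookup are hypothetical, and the decision rules are assumptions: a VLAN with no port policy is unrestricted, an unlisted MAC gets the fallback VLAN, and a refusal is access-denied in open mode and port-shutdown in secure mode.

```python
import shlex

# Constructed sample: a trimmed copy of the database quoted in the message above.
SAMPLE = """\
vmps mode open
vmps fallback default
vmps-mac-addrs
address aabb.ccdd.eeff vlan-name Green
address 0012.2233.4455 vlan-name hardware
address fedc.ba98.7654 vlan-name --NONE--
vmps-port-group WiringCloset1
 device 198.92.30.32 port 3/2
vmps-vlan-group Engineering
 vlan-name hardware
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Green
 device 198.92.30.32 port 4/8
"""

def parse(text):
    db = {"macs": {}, "allowed": {}, "vmps-port-group": {}, "vmps-vlan-group": {}}
    kind = cur = None  # section currently being filled
    for raw in text.splitlines():
        if not raw.strip() or raw.lstrip().startswith("!"):
            continue  # blank line or '!' comment
        t = shlex.split(raw)  # keeps quoted names such as "Executive Row" whole
        if t[0] == "vmps":
            db[t[1]] = t[2]  # mode, fallback, domain, no-domain-req
        elif t[0] == "address":
            db["macs"][t[1].lower()] = t[3]
        elif t[0] in ("vmps-port-group", "vmps-vlan-group"):
            kind, cur = t[0], db[t[0]].setdefault(t[1], set())
        elif t[0] == "vmps-port-policies":  # cur = the VLAN names this policy covers
            kind, cur = "policy", (db["vmps-vlan-group"][t[2]] if t[1] == "vlan-group" else {t[2]})
        elif t[0] == "vlan-name" and kind == "vmps-vlan-group":
            cur.add(t[1])
        elif t[0] in ("device", "port-group"):
            ports = db["vmps-port-group"][t[1]] if t[0] == "port-group" else {(t[1], t[-1])}
            group = kind == "vmps-port-group"
            for target in [cur] if group else [db["allowed"].setdefault(v, set()) for v in cur]:
                target.update(ports)
    return db

def lookup(db, mac, device, port):
    refuse = "port-shutdown" if db.get("mode") == "secure" else "access-denied"
    vlan = db["macs"].get(mac.lower(), db.get("fallback"))
    here = {(device, port), (device, "all-ports")}
    ports = db["allowed"].get(vlan, here)  # assumption: a VLAN with no policy is unrestricted
    return vlan if vlan not in (None, "--NONE--") and here & ports else refuse
```

With the sample above, aabb.ccdd.eeff is given Green on 198.92.30.32 port 4/8 and refused on every other port, which is the per-port restriction the reply points to.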

This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:40 GMT-3