RE: Catalyst 5000 Port Security

From: Bauer, Rick (BAUERR@xxxxxxxxxxx)
Date: Tue Jul 23 2002 - 08:14:34 GMT-3


   
One way to accomplish this would be to use a combination of port security
and a static ARP entry. Port Security associates the MAC with the port and
the static ARP would associate the IP address with the MAC, done. HTH...

Rick, #9482

-----Original Message-----
From: ajitmohanraj [mailto:ajitmohanraj@vsnl.com]
Sent: Tuesday, July 23, 2002 2:13 AM
To: Johnny Peterson
Cc: ccielab@groupstudy.com
Subject: Fw: Catalyst 5000 Port Security

Follow the example of the vlan-name "purple" and watch how it ties up the
MAC address -> To VLAN name -> To IP address -> To port at the end under the
VLAN Port Policies !!

Or am I missing something ???
----- Original Message -----
From: "ajitmohanraj" <ajitmohanraj@vsnl.com>
To: "Johnny Peterson" <johnny@virtualrack.net>
Cc: <ccielab@groupstudy.com>
Sent: Tuesday, July 23, 2002 11:30 AM
Subject: Re: Catalyst 5000 Port Security

> Could you not work something out with the VMPS Database ...specifically
> under the VLAN PORT POLICIES (as indicated towards the end of this sample
> file eg) ?? I think that would answer the question sought
>
> Regards
> Ajit
>
>
> VMPS Database Configuration File Example
> This example shows a sample VMPS database configuration file. A VMPS
> database configuration file is an ASCII text file that is stored on a TFTP
> server accessible to the switch that functions as the VMPS server.
>
> !vmps domain <domain-name>
> ! The VMPS domain must be defined.
> !vmps mode { open | secure }
> ! The default mode is open.
> !vmps fallback <vlan-name>
> !vmps no-domain-req { allow | deny }
> !
> ! The default value is allow.
> vmps domain WBU
> vmps mode open
> vmps fallback default
> vmps no-domain-req deny
> !
> !
> !MAC Addresses
> !
> vmps-mac-addrs
> !
> ! address <addr> vlan-name <vlan_name>
> !
> address 0012.2233.4455 vlan-name hardware
> address 0000.6509.a080 vlan-name hardware
> address aabb.ccdd.eeff vlan-name Green
> address 1223.5678.9abc vlan-name ExecStaff
> address fedc.ba98.7654 vlan-name --NONE--
> address fedc.ba23.1245 vlan-name Purple
> !
> !Port Groups
> !
> !vmps-port-group <group-name>
> ! device <device-id> { port <port-name> | all-ports }
> !
> vmps-port-group WiringCloset1
> device 198.92.30.32 port 3/2
> device 172.20.26.141 port 2/8
> vmps-port-group "Executive Row"
> device 198.4.254.222 port 1/2
> device 198.4.254.222 port 1/3
> device 198.4.254.223 all-ports
> !
> !
> !VLAN groups
> !
> !vmps-vlan-group <group-name>
> ! vlan-name <vlan-name>
> !
> vmps-vlan-group Engineering
> vlan-name hardware
> vlan-name software
> !
> !
> !VLAN port Policies
> !
> !vmps-port-policies {vlan-name <vlan_name> | vlan-group <group-name> }
> ! { port-group <group-name> | device <device-id> port <port-name> }
> !
> vmps-port-policies vlan-group Engineering
> port-group WiringCloset1
> vmps-port-policies vlan-name Green
> device 198.92.30.32 port 4/8
> vmps-port-policies vlan-name Purple
> device 198.4.254.22 port 1/2
> port-group "Executive Row"
>
>
> ----- Original Message -----
> From: "Johnny Peterson" <johnny@virtualrack.net>
> To: <ccielab@groupstudy.com>
> Sent: Tuesday, July 23, 2002 7:16 AM
> Subject: RE: Catalyst 5000 Port Security
>
>
> > Port security on the Cat 5000/5500 series is restricted to Layer 2, which
> > means you will only be able to restrict by MAC address.
> >
> > Regards,
> > JP
> >
> > -----Original Message-----
> > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> > alex fayn
> > Sent: Monday, July 22, 2002 7:50 PM
> > To: ccielab@groupstudy.com
> > Subject: Catalyst 5000 Port Security
> >
> >
> > Is it possible to restrict catalyst ports to specific ip addresses in
> > addition to specific MAC addresses?
> >
> > Thanks
> >
> >
> >
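
The lookup chain described in the thread (MAC address to VLAN name to the ports listed under the VLAN port policies), as an added example that is not part of the original messages: a small Python parser for the database format quoted above, run on a constructed, trimmed copy of that sample file. `parse_vmps` and `allowed_ports` are hypothetical helper names, and the example assumes each `device` value identifies the switch that owns the port.

```python
import shlex

# Constructed sample: a trimmed copy of the VMPS database quoted in the thread.
SAMPLE = """\
vmps-mac-addrs
address 0012.2233.4455 vlan-name hardware
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
vmps-port-group WiringCloset1
 device 198.92.30.32 port 3/2
vmps-port-group "Executive Row"
 device 198.4.254.222 port 1/2
 device 198.4.254.223 all-ports
vmps-vlan-group Engineering
 vlan-name hardware
vmps-port-policies vlan-group Engineering
 port-group WiringCloset1
vmps-port-policies vlan-name Purple
 device 198.4.254.22 port 1/2
 port-group "Executive Row"
"""

def parse_vmps(text):
    """Return (MAC -> VLAN name, section header -> member lines)."""
    macs, sections, cur = {}, {}, None
    for line in text.splitlines():
        tok = [] if line.strip().startswith("!") else shlex.split(line)
        if not tok:
            continue                              # comment or blank line
        if tok[0] == "address":
            macs[tok[1].lower()] = tok[3]
        elif tok[0].startswith("vmps-"):          # a new section begins
            cur = sections.setdefault(tuple(tok), [])
        elif cur is not None:                     # member of current section
            cur.append(tok)
    return macs, sections

def allowed_ports(mac, macs, sections):
    """VLAN of a MAC and the (switch, port) pairs the policies list for it."""
    vlan, ports = macs.get(mac.lower()), set()
    for key, members in sections.items():
        if key[0] != "vmps-port-policies" or vlan == "--NONE--":
            continue
        vlans = [key[2]] if key[1] == "vlan-name" else [
            m[1] for m in sections.get(("vmps-vlan-group", key[2]), [])]
        for m in members if vlan in vlans else []:
            devs = [m] if m[0] == "device" else sections.get(("vmps-port-group", m[1]), [])
            ports.update((d[1], d[-1]) for d in devs)
    return vlan, ports
```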



This archive was generated by hypermail 2.1.4 : Sat Sep 07 2002 - 19:36:40 GMT-3