Re: 3500 ip permit list ?

From: Chuck Church (ccie8776@rochester.rr.com)
Date: Fri Dec 20 2002 - 22:19:44 GMT-3

Well, that's different from IP permit, but with the 2950/3550s, you can
apply inbound ACLs on most ports. Just filter there. It's not the same as
port security, where the port shuts down given a non-allowed MAC. What
exactly are you trying to accomplish?

Chuck Church
CCIE #8776, MCNE, MCSE

----- Original Message -----
From: "kym blair" <kymblair@hotmail.com>
To: <ccie8776@rochester.rr.com>; <neil@droopy.com>; <dahlene@aros.net>;
<ccielab@groupstudy.com>
Sent: Friday, December 20, 2002 7:54 PM
Subject: Re: 3500 ip permit list ?

>
>
>
>
> Chuck,
>
> Is there a way to do port-security based on IP address?
>
> Thanks, Kym
>
>
> >From: "Chuck Church" <cchurch@optonline.net>
> >Reply-To: "Chuck Church" <ccie8776@rochester.rr.com>
> >To: "kym blair" <kymblair@hotmail.com>, <neil@droopy.com>,
> ><dahlene@aros.net>, <ccielab@groupstudy.com>
> >Subject: Re: 3500 ip permit list ?
> >Date: Fri, 20 Dec 2002 19:41:22 -0500
> >
> >Kym,
> >
> > Set Ip permit is for restricting access to the management interface.
> >For any IOS device, the equivalent is applying an access-class to the VTY
> >ports.
> >
> >Chuck Church
> >CCIE #8776, MCNE, MCSE
> >
> >
> >----- Original Message -----
> >From: "kym blair" <kymblair@hotmail.com>
> >To: <neil@droopy.com>; <dahlene@aros.net>; <ccielab@groupstudy.com>
> >Sent: Friday, December 20, 2002 5:38 PM
> >Subject: 3500 ip permit list ?
> >
> >
> > > Does the 3550 have a command equivalent to the 6509's "set ip permit
> > > X.X.X.X"? If not, is there a way to do port-security based on IP
address
> > > other than turning on ip routing and applying an access-list?
> > >
> > > Thanks,
> > >
> > > Kym
> > >
> > >
> > >
> > > >From: "Neil Moore" <neil@droopy.com>
> > > >Reply-To: "Neil Moore" <neil@droopy.com>
> > > >To: <dahlene@aros.net>, <ccielab@groupstudy.com>
> > > >Subject: Re: Port Block command 3500 series switches.
> > > >Date: Fri, 20 Dec 2002 16:47:22 -0500
> > > >
> > > >I use it with switchport protected
> > > >
> > > >Here is the snippit from
> > > >
> > >
> >
>http://www.cisco.com/univercd/cc/td/doc/product/lan/cat2950/12111ea1/scg/sw
> >t
> > > >rafc.htm#xtocid6
> > > >This example shows how to configure Gigabit Ethernet interface 0/1 as
a
> > > >protected port and verify the configuration:
> > > >
> > > >Switch# configure terminal
> > > >
> > > >Switch(config)# interface gigabitethernet0/1
> > > >
> > > >Switch(config-if)# switchport protected
> > > >
> > > >Switch(config-if)# end
> > > >
> > > >Switch# show interfaces gigabitethernet0/1 switchport
> > > >
> > > >Name: Gi0/1
> > > >Switchport: Enabled
> > > >
> > > ><output truncated>
> > > >
> > > >Protected: True
> > > >Unknown unicast blocked: disabled
> > > >Unknown multicast blocked: disabled
> > > >----------------------------------------
> > > >Neil Moore CCIE#10044
> > > >----- Original Message -----
> > > >From: <dahlene@aros.net>
> > > >To: <ccielab@groupstudy.com>
> > > >Sent: Friday, December 20, 2002 3:41 PM
> > > >Subject: Port Block command 3500 series switches.
> > > >
> > > >
> > > > > Can someone give me a scenario where you would want to use the
port
> > > >block
> > > > > unicast and multicast commands. I know that it blocks unknown
> >unicast
> > > >and
> > > > > multicast packets but am having a difficult time in coming up with
a
> > > >time
> > > >when
> > > > > I would want to use it.
> > > > >
> > > > > Thanks,
> > > > >
> > > > >
> > > > >
> > > > > Matt
> > > > > .
> > > >.
> > > s
> > >
> > > _________________________________________________________________
> > > Add photos to your messages with MSN 8. Get 2 months FREE*.
> > >
>
>http://join.msn.com/?page=features/featuredemail&xAPID=42&PS=47575&PI=7324&
D
> >I=7474&SU=
> > >
>
>http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_addphotos_
3
> >mf
> > > .
> _________________________________________________________________
> Add photos to your messages with MSN 8. Get 2 months FREE*.
>
http://join.msn.com/?page=features/featuredemail&xAPID=42&PS=47575&PI=7324&D
I=7474&SU=
>
http://www.hotmail.msn.com/cgi-bin/getmsg&HL=1216hotmailtaglines_addphotos_3
mf
.

This archive was generated by hypermail 2.1.4 : Fri Jan 17 2003 - 17:21:50 GMT-3