From: Richard Hanks (ccieingroup@hotmail.com)
Date: Tue Jan 07 2003 - 02:03:08 GMT-3
Hi Yinda,
I ever thought of your solution. But if I did that, I wonder whether these two
will work as AND relation or OR relation since the question seems need to be
AND but two ACL on the same interface seems works as OR.
Richard
----- Original Message -----
From: Hotmail
To: Richard Hanks ; Massimiliano Tognon ; ccielab@groupstudy.com
Sent: Monday, January 06, 2003 9:30 PM
Subject: Re: 3550 security
I would simply use the layer 2 port ACL capability of the 3550. You can
apply one IP ACL and one MAC ACL filter on a layer 2 port of the 3550.
Yinka.
----- Original Message -----
From: "Richard Hanks" <ccieingroup@hotmail.com>
To: "Massimiliano Tognon" <mtognon@tecnonetspa.it>;
<ccielab@groupstudy.com>
Sent: Monday, January 06, 2003 3:12 PM
Subject: Re: 3550 security
> Hi Massimiliano,
>
> After you use the
> switchport port-security mac-address 3333.4444.5555
> switchport port-security maximum 1
> Can we try to use another Port ACL(Which is s standard IP ACL) on this
> interface to restrict the ideal ip address sourced from this port.
> such as:
>
> access-list 1 permit host 192.168.1.8
>
> inter fa 1/1
> ip access-group 1 in
>
> Then it seems the "Port-security" is (And) working with the standard
input
> Port ACL. Do you think it is a solution to your question? Longing for
your
> reply.
>
> Rgd,s
> Richard
>
> ----- Original Message -----
> From:
> To: ccielab@groupstudy.com
> Sent: Saturday, December 14, 2002 5:57 AM
> Subject: 3550 security
>
>
> hi folks, question for you...
> how can i secure a 3550 port?
> question is :
> i can allow only 1 pc with specific mac-address (something like
> ) AND specific IP ADDRESS (something like 192.168.1.8).
> for mac-address i think to use port security, but what can i use for ip
> address?
> 3550 fasteth is a layer 2 port not a routed (layer3) port...
> any idea ?
>
> thanks
> .
> .
.
.
This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:44 GMT-3