Re: 3550 security

From: Yinka Daramola (o_daramola@hotmail.com)
Date: Tue Jan 07 2003 - 07:33:55 GMT-3


Richard,
You're right about the OR relation, because the switch will permit a packet
with an arbitrary MAC address and the specified IP address and vice versa,
and since he is trying to permit a packet that has both a specified MAC and
IP address, using the two ACLs would not provide the solution.
Thanks for pointing that out; the secure port and IP ACL combination will
surely provide the solution.

Yinka

 ----- Original Message -----
From: "Richard Hanks" <ccieingroup@hotmail.com>
To: "Hotmail" <o_daramola@hotmail.com>; "Massimiliano Tognon"
<mtognon@tecnonetspa.it>; <ccielab@groupstudy.com>
Sent: Monday, January 06, 2003 9:03 PM
Subject: Re: 3550 security

> Hi Yinka,
>
> I did think of your solution. But if I did that, I wonder whether these
> two would work as an AND relation or an OR relation, since the question
> seems to need AND but two ACLs on the same interface seem to work as OR.
>
> Richard
> ----- Original Message -----
> From: Hotmail
> To: Richard Hanks ; Massimiliano Tognon ; ccielab@groupstudy.com
> Sent: Monday, January 06, 2003 9:30 PM
> Subject: Re: 3550 security
>
>
> I would simply use the layer 2 port ACL capability of the 3550. You can
> apply one IP ACL and one MAC ACL filter on a layer 2 port of the 3550.
>
> Yinka.
> ----- Original Message -----
> From: "Richard Hanks" <ccieingroup@hotmail.com>
> To: "Massimiliano Tognon" <mtognon@tecnonetspa.it>;
> <ccielab@groupstudy.com>
> Sent: Monday, January 06, 2003 3:12 PM
> Subject: Re: 3550 security
>
>
> > Hi Massimiliano,
> >
> > After you use the
> > switchport port-security mac-address 3333.4444.5555
> > switchport port-security maximum 1
> > can we try to use another port ACL (which is a standard IP ACL) on this
> > interface to restrict the ideal IP address sourced from this port?
> > Such as:
> >
> > access-list 1 permit host 192.168.1.8
> >
> > inter fa 1/1
> > ip access-group 1 in
> >
> > Then it seems the "Port-security" is (AND) working with the standard
> > input port ACL. Do you think it is a solution to your question? Longing
> > for your reply.
> >
> > Rgds,
> > Richard
> >
> > ----- Original Message -----
> > From:
> > To: ccielab@groupstudy.com
> > Sent: Saturday, December 14, 2002 5:57 AM
> > Subject: 3550 security
> >
> >
> > hi folks, question for you...
> > how can i secure a 3550 port?
> > question is :
> > i can allow only 1 pc with specific mac-address (something like
> > ) AND specific IP ADDRESS (something like 192.168.1.8).
> > for mac-address i think to use port security, but what can i use for
> > ip address?
> > 3550 fasteth is a layer 2 port not a routed (layer3) port...
> > any idea ?
> >
> > thanks



This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:44 GMT-3
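
The combination the thread settles on (port security for the source MAC plus a standard IP port ACL for the source address), written out as one interface configuration. This is an added example, not part of the original messages; the interface name and the violation mode are assumptions, while the MAC address, IP address and ACL number are the ones quoted in the thread.

```cisco
! Constructed example. Assumed: interface FastEthernet0/1, violation mode.
! From the thread: MAC 3333.4444.5555, host 192.168.1.8, access-list 1.
!
! Standard IP ACL: matches on source IP only.
! Every standard ACL ends with an implicit "deny any".
access-list 1 permit host 192.168.1.8
!
interface FastEthernet0/1
 ! Port security needs a static access (or trunk) port, not a dynamic one
 switchport mode access
 ! Port security: only this source MAC is accepted, and only one address
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 3333.4444.5555
 ! Assumed choice; shutdown err-disables the port on a violation
 switchport port-security violation shutdown
 ! Port ACL: inbound IP packets must carry the permitted source address.
 ! An IP ACL only matches IP packets; non-IP frames are limited by
 ! port security alone.
 ip access-group 1 in
!
! Checks after applying:
!   show port-security interface FastEthernet0/1
!   show access-lists 1
!   show running-config interface FastEthernet0/1
```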