Re: 3550 security

From: Zeb Khan (zeb.khan@environment-agency.gov.uk)
Date: Tue Jan 07 2003 - 08:07:59 GMT-3

• Next message: Hunt Lee: "NTP"
• Previous message: Yinka Daramola: "Re: 3550 security"
• Maybe in reply to: Richard Hanks: "Re: 3550 security"
• Next in thread: ccieingroup@hotmail.com: "Re: 3550 security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Beware! adding IP access list on some 3550s can cause its routing to fall over entirely!

What Richard has suggested is correct but watch out for this bug.

Cheers Zeb

>>> "Richard Hanks" <ccieingroup@hotmail.com> 06/01/2003 23:12:21 >>>
Hi Massimiliano,

After you use the
switchport port-security mac-address 3333.4444.5555
switchport port-security maximum 1
Can we try to use another Port ACL(Which is s standard IP ACL) on this
interface to restrict the ideal ip address sourced from this port.
such as:

access-list 1 permit host 192.168.1.8

inter fa 1/1
   ip access-group 1 in

Then it seems the "Port-security" is (And) working with the standard input
Port ACL. Do you think it is a solution to your question? Longing for your
reply.

Rgd,s
Richard

  ----- Original Message -----
  From:
  To: ccielab@groupstudy.com
  Sent: Saturday, December 14, 2002 5:57 AM
  Subject: 3550 security

  hi folks, question for you...
  how can i secure a 3550 port?
  question is :
  i can allow only 1 pc with specific mac-address (something like
  ) AND specific IP ADDRESS (something like 192.168.1.8).
  for mac-address i think to use port security, but what can i use for ip
  address?
  3550 fasteth is a layer 2 port not a routed (layer3) port...
  any idea ?

  thanks
  .
.
**********************************************************************
This message is confidential as it contains information about the person we are sending it to. If you have received this message by mistake, please delete it and do not copy it to anyone else.

If this message contains information that you have requested from us please see our standard notice for details of how you may use that information. If the notice is not attached and you require a copy please telephone 0845 9333111 and ask for the customer contact.

For further information about the Environment Agency call the number above or look at our web site at http://www.environment-agency.gov.uk

**********************************************************************
.

• Next message: Hunt Lee: "NTP"
• Previous message: Yinka Daramola: "Re: 3550 security"
• Maybe in reply to: Richard Hanks: "Re: 3550 security"
• Next in thread: ccieingroup@hotmail.com: "Re: 3550 security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sat Feb 01 2003 - 07:33:44 GMT-3