From: KT Wee (cciekt@yahoo.com)
Date: Thu Feb 06 2003 - 10:29:36 GMT-3
Yes, I tried "no arp arpa". But didn't help.
"Khalid A. Kaseb" <khalid_ameen@rayaintegration.com> wrote:May be you need no arp arpa under the interface conf.
switchport port-security max 1
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
KT Wee
Sent: Thursday, February 06, 2003 2:18 PM
To: ccielab@groupstudy.com
Subject: 3550 port security w/o L2 or L3 access-list
Hi Guys,
Got a scenario on 3550. Only allow packet with mac-address
1234.1234.1234 and ip address 1.1.1.1 to access port fa0/1. Cannot use
L2 or L3 access list. I though of using switchport port-security and arp
static mapping as follow:
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 1234.1234.1234
arp 1.1.1.1 1234.1234.1234 ARPA
I am able to ping to 1.1.1.1. But if I change the host to 1.1.1.2, I am
still able to ping to 1.1.1.2. This would go against the condition only
the host with 1.1.1.1 is allowed. I saw some thread similar before but
can't find anything in archive. Please help thanks.
Regards
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
.
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:12 GMT-3