From: Michael Snyder (msnyder@revolutioncomputer.com)
Date: Thu Feb 06 2003 - 14:06:04 GMT-3
Maybe not.
If a requirement states that you must use a route-map and not an
access-list, does that mean you can't use an access-list in the
route-map?
I view vlan-maps and route-maps as similar techniques.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Sam.MicroGate@usa.telekom.de
Sent: Thursday, February 06, 2003 10:00 AM
To: Paul.Casey@o2.com; Sam.MicroGate@usa.telekom.de; cciekt@yahoo.com;
ccielab@groupstudy.com
Subject: RE: 3550 port security w/o L2 or L3 access-list
Forgot this one. The requirement for this question is not to use an
access
list. Vlan map needs either name mac extended access list or an access
list.
Therefore the vlan map solution does not meet the requirements.
Sam
-----Original Message-----
From: Casey, Paul (6822) [mailto:Paul.Casey@o2.com]
Sent: Thursday, February 06, 2003 9:29 AM
To: 'Sam.MicroGate@usa.telekom.de'; 'cciekt@yahoo.com';
'ccielab@groupstudy.com'
Subject: RE: 3550 port security w/o L2 or L3 access-list
I wonder could you use a vlan-access-map in conjunction with port
security
Put port in vlax x
Add port security for the mac-address you want,
And the add a vlan-access-map for this vlan stating traffic only from
the
particular ip address you want,
This might achieve the desired solution.
Just throwing up ideas..
-----Original Message-----
From: Sam.MicroGate@usa.telekom.de [mailto:Sam.MicroGate@usa.telekom.de]
Sent: 06 February 2003 13:31
To: cciekt@yahoo.com; Sam.MicroGate@usa.telekom.de;
ccielab@groupstudy.com
Subject: RE: 3550 port security w/o L2 or L3 access-list
Any input/help from the 3550 experts out there?
Sam
-----Original Message-----
From: KT Wee [mailto:cciekt@yahoo.com]
Sent: Thursday, February 06, 2003 8:29 AM
To: Sam.MicroGate@usa.telekom.de; ccielab@groupstudy.com
Subject: RE: 3550 port security w/o L2 or L3 access-list
I clear the arp cache before changeing the ip address. Didn't help.
Sam.MicroGate@usa.telekom.de wrote:
Did you clear the arp cache before changing the IP address?
Sam
-----Original Message-----
From: KT Wee [mailto:cciekt@yahoo.com]
Sent: Thursday, February 06, 2003 7:18 AM
To: ccielab@groupstudy.com
Subject: 3550 port security w/o L2 or L3 access-list
Hi Guys,
Got a scenario on 3550. Only allow packet with mac-address
1234.1234.1234
and ip address 1.1.1.1 to access port fa0/1. Cannot use L2 or L3 access
list. I though of using switchport port-security and arp static mapping
as
follow:
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 1234.1234.1234
arp 1.1.1.1 1234.1234.1234 ARPA
I am able to ping to 1.1.1.1. But if I change the host to 1.1.1.2, I am
still able to ping to 1.1.1.2. This would go against the condition only
the
host with 1.1.1.1 is allowed. I saw some thread similar before but can't
find anything in archive. Please help thanks.
Regards
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
_____
Do you Yahoo!?
Yahoo! News <http://news.yahoo.com/> - Today's headlines
************************************************************************
****
************
This E-mail is from O2. The E-mail and any files
transmitted with it are confidential and may also be privileged and
intended
solely for the use of the individual or entity to whom they are
addressed.
Any unauthorised direct or indirect dissemination, distribution or
copying
of this message and any attachments is strictly prohibited. If you have
received the E-mail in error please notify postmaster@O2.com or
telephone ++ 353 1 6095000.
************************************************************************
****
*************
.
.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:12 GMT-3