From: enyi abajue (eabajue@yahoo.co.uk)
Date: Thu Feb 06 2003 - 17:25:43 GMT-3
Hi,
I am not too sure I can agree, there are three types of ACLs for the 3550 viz Router (L3) ACLs, Port (L2) ACLs and Vlan access-maps and the requirement was not to use L3 nor L2 ACLs, where I really worry is whether putting the port in a separate Vlan is an issue as only flows with that ip address or mac address as source will be allowed in any direction within the vlan.
Sam.MicroGate@usa.telekom.de wrote:Forgot this one. The requirement for this question is not to use an access
list. Vlan map needs either name mac extended access list or an access list.
Therefore the vlan map solution does not meet the requirements.
Sam
-----Original Message-----
From: Casey, Paul (6822) [mailto:Paul.Casey@o2.com]
Sent: Thursday, February 06, 2003 9:29 AM
To: 'Sam.MicroGate@usa.telekom.de'; 'cciekt@yahoo.com';
'ccielab@groupstudy.com'
Subject: RE: 3550 port security w/o L2 or L3 access-list
I wonder could you use a vlan-access-map in conjunction with port security
Put port in vlax x
Add port security for the mac-address you want,
And the add a vlan-access-map for this vlan stating traffic only from the
particular ip address you want,
This might achieve the desired solution.
Just throwing up ideas..
-----Original Message-----
From: Sam.MicroGate@usa.telekom.de [mailto:Sam.MicroGate@usa.telekom.de]
Sent: 06 February 2003 13:31
To: cciekt@yahoo.com; Sam.MicroGate@usa.telekom.de; ccielab@groupstudy.com
Subject: RE: 3550 port security w/o L2 or L3 access-list
Any input/help from the 3550 experts out there?
Sam
-----Original Message-----
From: KT Wee [mailto:cciekt@yahoo.com]
Sent: Thursday, February 06, 2003 8:29 AM
To: Sam.MicroGate@usa.telekom.de; ccielab@groupstudy.com
Subject: RE: 3550 port security w/o L2 or L3 access-list
I clear the arp cache before changeing the ip address. Didn't help.
Sam.MicroGate@usa.telekom.de wrote:
Did you clear the arp cache before changing the IP address?
Sam
-----Original Message-----
From: KT Wee [mailto:cciekt@yahoo.com]
Sent: Thursday, February 06, 2003 7:18 AM
To: ccielab@groupstudy.com
Subject: 3550 port security w/o L2 or L3 access-list
Hi Guys,
Got a scenario on 3550. Only allow packet with mac-address 1234.1234.1234
and ip address 1.1.1.1 to access port fa0/1. Cannot use L2 or L3 access
list. I though of using switchport port-security and arp static mapping as
follow:
interface FastEthernet0/1
switchport mode access
switchport port-security
switchport port-security mac-address 1234.1234.1234
arp 1.1.1.1 1234.1234.1234 ARPA
I am able to ping to 1.1.1.1. But if I change the host to 1.1.1.2, I am
still able to ping to 1.1.1.2. This would go against the condition only the
host with 1.1.1.1 is allowed. I saw some thread similar before but can't
find anything in archive. Please help thanks.
Regards
---------------------------------
Do you Yahoo!?
Yahoo! Mail Plus - Powerful. Affordable. Sign up now
_____
Do you Yahoo!?
Yahoo! News - Today's headlines
****************************************************************************
************
This E-mail is from O2. The E-mail and any files
transmitted with it are confidential and may also be privileged and intended
solely for the use of the individual or entity to whom they are addressed.
Any unauthorised direct or indirect dissemination, distribution or copying
of this message and any attachments is strictly prohibited. If you have
received the E-mail in error please notify postmaster@O2.com or
telephone ++ 353 1 6095000.
****************************************************************************
*************
.
---------------------------------
With Yahoo! Mail you can get a bigger mailbox -- choose a size that fits your needs
.
This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:13 GMT-3