Re: 3550 port security w/o L2 or L3 access-list

From: Yinka Daramola (o_daramola@hotmail.com)
Date: Thu Feb 06 2003 - 20:08:41 GMT-3


Try setting the arp timeout to zero.
You seem to be in the right direction.

Yinka Daramola, MCSE, CCNP RHCE
Red Hat Inc.
----- Original Message -----
From: "KT Wee" <cciekt@yahoo.com>
To: <Sam.MicroGate@usa.telekom.de>; <ccielab@groupstudy.com>
Sent: Thursday, February 06, 2003 5:28 AM
Subject: RE: 3550 port security w/o L2 or L3 access-list

> I cleared the arp cache before changing the ip address. Didn't help.
>
> Sam.MicroGate@usa.telekom.de wrote:
> Did you clear the arp cache before changing the IP address?
>
> Sam
>
>
> -----Original Message-----
> From: KT Wee [mailto:cciekt@yahoo.com]
> Sent: Thursday, February 06, 2003 7:18 AM
> To: ccielab@groupstudy.com
> Subject: 3550 port security w/o L2 or L3 access-list
>
>
> Hi Guys,
>
> Got a scenario on 3550. Only allow packet with mac-address 1234.1234.1234
> and ip address 1.1.1.1 to access port fa0/1. Cannot use L2 or L3 access
> list. I thought of using switchport port-security and arp static mapping as
> follows:
>
> interface FastEthernet0/1
> switchport mode access
> switchport port-security
> switchport port-security mac-address 1234.1234.1234
>
> arp 1.1.1.1 1234.1234.1234 ARPA
>
> I am able to ping to 1.1.1.1. But if I change the host to 1.1.1.2, I am
> still able to ping to 1.1.1.2. This would go against the condition that only
> the host with 1.1.1.1 is allowed. I saw a similar thread before but can't
> find anything in the archive. Please help, thanks.
>
>
>
> Regards
>
>
>



This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:13 GMT-3
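
Added illustration, not part of the thread and not Cisco code: a small Python model of the two checks in the quoted configuration, showing why the host stays reachable after it is renumbered to 1.1.1.2. It assumes the ping is sent from the switch itself; the `Host` class and all function names are hypothetical.

```python
from dataclasses import dataclass

# Values copied from the quoted configuration.
SECURE_MACS = {"1234.1234.1234"}             # switchport port-security mac-address
STATIC_ARP = {"1.1.1.1": "1234.1234.1234"}   # arp 1.1.1.1 1234.1234.1234 ARPA

@dataclass(frozen=True)
class Host:
    mac: str
    ip: str

def port_security_admits(src_mac, src_ip):
    # Port security matches the source MAC only; src_ip is never consulted.
    return src_mac in SECURE_MACS

def switch_resolves(target_ip, host):
    # A static ARP entry wins; otherwise the switch ARPs and learns the
    # answer only if the host's reply frame is admitted on the port.
    if target_ip in STATIC_ARP:
        return STATIC_ARP[target_ip]
    if host.ip == target_ip and port_security_admits(host.mac, host.ip):
        return host.mac
    return None

def ping_from_switch(target_ip, host):
    # Simplified model (assumption): the ping is sent by the switch and
    # succeeds when the resolved MAC is the host's, the host owns the
    # address, and its echo reply passes port security.
    mac = switch_resolves(target_ip, host)
    return (mac == host.mac and host.ip == target_ip
            and port_security_admits(host.mac, host.ip))

def demo():
    allowed = "1234.1234.1234"
    return {
        "allowed MAC, 1.1.1.1": ping_from_switch("1.1.1.1", Host(allowed, "1.1.1.1")),
        "allowed MAC, 1.1.1.2": ping_from_switch("1.1.1.2", Host(allowed, "1.1.1.2")),
        "other MAC, 1.1.1.1": ping_from_switch("1.1.1.1", Host("aaaa.bbbb.cccc", "1.1.1.1")),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'reachable' if ok else 'blocked'}")
```

The static ARP entry only tells the switch which MAC to use for 1.1.1.1; nothing in either command compares the source IP of frames arriving on fa0/1.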