RE: 3550 port security w/o L2 or L3 access-list

From: Donny MATEO (donny.mateo@sg.ca-indosuez.com)
Date: Mon Feb 10 2003 - 12:45:27 GMT-3

just give it a shot....seems like the command "no arp arpa" didn't do anything.
Anybody can confirmed or suggest another way to disable arp resolution on an interface ?

Donny

                                                                                                                                             
                      FRANCISCO JAVIER COPETE
                      AGUADO To: Group Study CCIE LAB <ccielab@groupstudy.com>
                      <F.COPETE.AGUADO@valenc cc: Cope <franciscoj_copete@ieci.es>
                      iamail.net> Subject: RE: 3550 port security w/o L2 or L3 access-list
                      Sent by:
                      nobody@groupstudy.com
                                                                                                                                             
                                                                                                                                             
                      10-02-2003 18:21
                      Please respond to
                      FRANCISCO JAVIER COPETE
                      AGUADO
                                                                                                                                             
                                                                                                                                             

Hi group,

If the problem is the dynamic arp entry , disabling arp on interfaz it
will solve the problem, isn't it?

interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 1234.1234.1234
 no arp arpa

arp 1.1.1.1 1234.1234.1234 ARPA fastEthernet 0/1

Any coments?

Regards.

Copete

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
KT Wee
Sent: Thursday, February 06, 2003 2:18 PM
To: ccielab@groupstudy.com
Subject: 3550 port security w/o L2 or L3 access-list

Hi Guys,

Got a scenario on 3550. Only allow packet with mac-address
1234.1234.1234 and ip address 1.1.1.1 to access port fa0/1. Cannot use
L2 or L3 access list. I though of using switchport port-security and arp
static mapping as follow:

interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security mac-address 1234.1234.1234

arp 1.1.1.1 1234.1234.1234 ARPA

I am able to ping to 1.1.1.1. But if I change the host to 1.1.1.2, I am
still able to ping to 1.1.1.2. This would go against the condition only
the host with 1.1.1.1 is allowed. I saw some thread similar before but
can't find anything in archive. Please help thanks.
.
This message is for information purposes only and its content
should not be construed as an offer, or solicitation of an offer,
to buy or sell any banking or financial instruments or services
and no representation or warranty is given in respect of its
accuracy, completeness or fairness. The material is subject
to change without notice. You should take your own independent
tax, legal and other professional advice in respect of the content
of this message. This message may contain confidential or
legally privileged material and may not be copied, redistributed
or published (in whole or in part) without our prior written consent.
This email may have been intercepted, partially destroyed,
arrive late, incomplete or contain viruses and no liability is
accepted by any member of the Credit Agricole Indosuez group
as a result. If you are not the intended recipient of this message,
please immediately notify the sender and delete this message
from your computer.
.

This archive was generated by hypermail 2.1.4 : Sat Mar 01 2003 - 11:06:17 GMT-3