From: Robert Rech (brech@kc.rr.com)
Date: Mon Mar 17 2003 - 16:52:45 GMT-3
Could you use port security to solve the mac part of it and static arp
entries to take care of the IP part of the question.
----- Original Message -----
From: <ccie1@hotmail.com>
To: "Scott M. Livingston" <scottl@sprinthosting.net>;
<ccielab@groupstudy.com>
Sent: Monday, March 17, 2003 12:30 PM
Subject: Re: port filtering
> Im fairly confident that any description of a ip address on a question in
> the lab is used somewhere in the solution. Otherwise, why would they
bother
> mentioning it?
>
> Im just having trouble finding out where to plug the mac-address portion
of
> the question.
>
> Thanks for all your input Scott.
>
> ----- Original Message -----
> From: "Scott M. Livingston" <scottl@sprinthosting.net>
> To: <ccie1@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Monday, March 17, 2003 10:19 AM
> Subject: RE: port filtering
>
>
> > I guess you could look at it another way too, but if this were a real
> > task in the lab you would need to ask the proctor about the following.
> >
> > The L3 address is just extra info and you really don't need to use
> > anything other than port security...??
> >
> > Thanks,
> > scott
> >
> > -----Original Message-----
> > From: ccie1@hotmail.com [mailto:ccie1@hotmail.com]
> > Sent: Monday, March 17, 2003 12:04 PM
> > To: Scott M. Livingston; ccielab@groupstudy.com
> > Subject: Re: port filtering
> >
> > Hi Scott:
> > I could use a vlan map, but vlan maps use access-lists, and
> > the
> > requirement is to not use any L3 or L2 access-lists. Am i missing
> > something
> > here?
> >
> >
> > ----- Original Message -----
> > From: "Scott M. Livingston" <scottl@sprinthosting.net>
> > To: <ccie1@hotmail.com>; <ccielab@groupstudy.com>
> > Sent: Monday, March 17, 2003 9:58 AM
> > Subject: RE: port filtering
> >
> >
> > > HMMMMM??? Port security will work for the L2 side of the task. What
> > > about the port security configuration didn't work for you? As far as
> > > using something for the L3 (host IP) I can only think of an L3 ip ACL.
> > > If there is more to the task than locking an IP to a port then I guess
> > > you could use a VLAN Map?
> > >
> > > Thanks,
> > > scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > ccie1@hotmail.com
> > > Sent: Monday, March 17, 2003 10:11 AM
> > > To: ccielab@groupstudy.com
> > > Subject: port filtering
> > >
> > > I know this has been discussed before, but i have tried some of the
> > > solutions
> > > people have posted and they dont seem to work:
> > >
> > > I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> > 12.3.1.1
> > > on
> > > port fast-etjhernet 0/16 on my 3550. The requirement is to not use
> > layer
> > > 3 or
> > > layer 2 access-lists. I tried using port-security with the mac-address
> > > but
> > > that doesnt seem to work. Does anyone have any ideas on how to do
> > this?
> > >
> > > thanks in advance
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3