RE: port filtering

From: Jung, Jin (jin.jung@lmco.com)
Date: Mon Mar 17 2003 - 17:37:59 GMT-3


If I recall, and this has been talked about before,

For L2, make sure you have
Switchport mode access
Switchport port-security
Switchport port-security <mac-address>

And
Do static ARP entry on the 3550

Arp 150.50.120.3 0000.0001.00ab

This should work, it worked for me.

Jin jung...

-----Original Message-----
From: Syv Ritch [mailto:syv@911networks.com]
Sent: Monday, March 17, 2003 1:53 PM
To: ccie1@hotmail.com
Cc: ccielab@groupstudy.com
Subject: Re: port filtering

On Monday, March 17, 2003, ccie1@hotmail.com wrote:

-----Original Message-----

chc> I want to only allow mac-address 0800.E4D3.A2D1 with ip address
chc> 12.3.1.1 on port fast-ethernet 0/16 on my 3550. The requirement is
chc> to not use layer 3 or layer 2 access-lists. I tried using
chc> port-security with the mac-address but that doesn't seem to work.
chc> Does anyone have any ideas on how to do this?

What about:

!vmps domain <domain-name>
! The VMPS domain must be defined.
!vmps mode {open | secure}
! The default mode is open.
!vmps fallback <vlan-name>
!vmps no-domain-req { allow | deny }
!
! The default value is allow.
vmps domain DSBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
!
!MAC Addresses
!
vmps-mac-addrs
!
! address <addr> vlan-name <vlan_name>
!
address 0012.2233.4455 vlan-name hardware
address 0000.6509.a080 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address 1223.5678.9abc vlan-name ExecStaff
address fedc.ba98.7654 vlan-name --NONE--
address fedc.ba23.1245 vlan-name Purple
!
!Port Groups
!
!vmps-port-group <group-name>
! device <device-id> { port <port-name> | all-ports }
!
vmps-port-group WiringCloset1
 device 198.92.30.32 port 0/2
 device 172.20.26.141 port 0/8
vmps-port-group "Executive Row"
 device 198.4.254.222 port 0/2
 device 198.4.254.222 port 0/3
 device 198.4.254.223 all-ports

-- 
Thanks
syv@911networks.com
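
As an added example (not part of the original thread): a small Python check that a saved running-config excerpt contains the access-mode, port-security and static ARP settings suggested above, for the port, MAC and IP given in the question. The sample config is constructed, and the `mac-address` keyword and `ARPA` type in it are standard IOS syntax assumed here rather than quoted from the posts.

```python
import re

# Constructed running-config excerpt using the MAC, IP and port from the question.
SAMPLE_CONFIG = """\
interface FastEthernet0/16
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0800.e4d3.a2d1
!
arp 12.3.1.1 0800.e4d3.a2d1 ARPA
"""

MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")

def norm_mac(mac):
    """Lower-case a Cisco dotted MAC; return None if a group is malformed."""
    mac = mac.lower()
    return mac if MAC_RE.fullmatch(mac) else None

def interface_lines(config, ifname):
    """Return the sub-commands found under 'interface <ifname>'."""
    lines, inside = [], False
    for line in config.splitlines():
        if line.startswith("interface "):
            inside = line.split(None, 1)[1].strip() == ifname
        elif inside and line.startswith(" "):
            lines.append(line.strip())
        else:
            inside = False
    return lines

def audit_port(config, ifname, ip, mac):
    """Return findings; an empty list means the port is pinned as the thread describes."""
    want = norm_mac(mac)
    if want is None:
        raise ValueError(f"malformed MAC: {mac}")
    sub = interface_lines(config, ifname)
    findings = []
    if "switchport mode access" not in sub:
        findings.append("port is not forced to access mode")
    if "switchport port-security" not in sub:
        findings.append("port-security is not enabled")
    prefix = "switchport port-security mac-address "
    pinned = [norm_mac(l.split()[-1]) for l in sub if l.startswith(prefix)]
    if pinned != [want]:
        findings.append(f"secure MAC list must contain only {want}")
    arps = [l.split() for l in config.splitlines() if l.startswith("arp ")]
    if not any(len(a) >= 3 and a[1] == ip and norm_mac(a[2]) == want for a in arps):
        findings.append(f"no static ARP entry binding {ip} to {want}")
    return findings
```

A malformed address in the config (for example a five-digit group) is reported as a missing binding rather than silently accepted.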

