RE: port filtering

From: Jung, Jin (jin.jung@lmco.com)
Date: Mon Mar 17 2003 - 17:53:56 GMT-3


Well,

No.
But is it true that it will accept some other IP address only if you
configure it on the 3550? If you only configure a single static ARP for this
address, the switch will accept this IP only?

Jin jung...

-----Original Message-----
From: ccie1@hotmail.com [mailto:ccie1@hotmail.com]
Sent: Monday, March 17, 2003 3:44 PM
To: Jung, Jin; 'Syv Ritch'
Cc: ccielab@groupstudy.com
Subject: Re: port filtering

Hi Jin:
Actually I thought of specifying a static ARP, but after talking
with others, that is not the correct solution. You can have multiple IP
addresses to the same MAC address, just not the other way around, so a
static ARP may not be the answer. Any other ideas?

----- Original Message -----
From: "Jung, Jin" <jin.jung@lmco.com>
To: "'Syv Ritch'" <syv@911networks.com>; <ccie1@hotmail.com>
Cc: <ccielab@groupstudy.com>
Sent: Monday, March 17, 2003 12:37 PM
Subject: RE: port filtering

>
>
> If I recall, and this has been talked about before,
>
> For L2, make sure you have
> Switchport mode access
> Switchport port-security
> Switchport port-security mac-address <mac-address>
>
> And
> Do static ARP entry on the 3550
>
> Arp 150.50.120.3 0000.00001.00ab
>
> This should work; it worked for me.
>
> Jin jung...
>
> -----Original Message-----
> From: Syv Ritch [mailto:syv@911networks.com]
> Sent: Monday, March 17, 2003 1:53 PM
> To: ccie1@hotmail.com
> Cc: ccielab@groupstudy.com
> Subject: Re: port filtering
>
>
> On Monday, March 17, 2003, ccie1@hotmail.com wrote:
>
> -----Original Message-----
>
> chc> I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> chc> 12.3.1.1 on port fast-ethernet 0/16 on my 3550. The requirement
> chc> is to not use layer 3 or layer 2 access-lists. I tried using
> chc> port-security with the mac-address but that doesn't seem to work.
> chc> Does anyone have any ideas on how to do this?
>
> What about:
>
> !vmps domain <domain-name>
> ! The VMPS domain must be defined.
> !vmps mode {open | secure}
> ! The default mode is open.
> !vmps fallback <vlan-name>
> !vmps no-domain-req { allow | deny }
> !
> ! The default value is allow.
> vmps domain DSBU
> vmps mode open
> vmps fallback default
> vmps no-domain-req deny
> !
> !
> !MAC Addresses
> !
> vmps-mac-addrs
> !
> ! address <addr> vlan-name <vlan_name>
> !
> address 0012.2233.4455 vlan-name hardware
> address 0000.6509.a080 vlan-name hardware
> address aabb.ccdd.eeff vlan-name Green
> address 1223.5678.9abc vlan-name ExecStaff
> address fedc.ba98.7654 vlan-name --NONE--
> address fedc.ba23.1245 vlan-name Purple
> !
> !Port Groups
> !
> !vmps-port-group <group-name>
> ! device <device-id> { port <port-name> | all-ports }
> !
> vmps-port-group WiringCloset1
> device 198.92.30.32 port 0/2
> device 172.20.26.141 port 0/8
> vmps-port-group "Executive Row"
> device 198.4.254.222 port 0/2
> device 198.4.254.222 port 0/3
> device 198.4.254.223 all-ports
>
> --
> Thanks
> syv@911networks.com
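
An added example, not part of the original thread: a small Python check that reads an IOS-style config, collects the secure MAC addresses per interface and the static ARP entries, and reports malformed MAC addresses and static ARP entries whose MAC is not a secure MAC on any port. The function name `audit` and the sample config are constructed for illustration (the addresses are the ones quoted in the thread, and the `arpa` keyword on the ARP lines is an assumption of the sample).

```python
import re

# Cisco dotted-hex MAC: three groups of exactly four hex digits.
MAC_RE = re.compile(r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}")

# Constructed sample config, not from a real device. Addresses are the ones
# quoted in the thread; the second arp line keeps the MAC exactly as posted.
SAMPLE = """\
interface FastEthernet0/16
 switchport mode access
 switchport port-security
 switchport port-security mac-address 0800.E4D3.A2D1
!
arp 12.3.1.1 0800.E4D3.A2D1 arpa
arp 150.50.120.3 0000.00001.00ab arpa
"""

def audit(config):
    """Return (secure, arp, findings) for an IOS-style config text."""
    secure, arp, findings = {}, {}, []   # iface -> MACs, ip -> MAC, messages
    iface = None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "!":
            continue
        low = [w.lower() for w in words]
        if not raw[0].isspace():  # a top-level line ends any interface block
            iface = words[1] if low[0] == "interface" and len(words) > 1 else None
        is_psec = low[:3] == ["switchport", "port-security", "mac-address"]
        # Sticky-learning lines carry no static MAC to validate; skip them.
        if iface and is_psec and len(low) > 3 and low[3] != "sticky":
            if MAC_RE.fullmatch(low[3]):
                secure.setdefault(iface, set()).add(low[3])
            else:
                findings.append("malformed MAC in: " + raw.strip())
        elif low[0] == "arp" and len(low) > 2:
            if MAC_RE.fullmatch(low[2]):
                arp[low[1]] = low[2]
            else:
                findings.append("malformed MAC in: " + raw.strip())
    allowed = set().union(*secure.values())
    for ip, mac in arp.items():
        if mac not in allowed:
            findings.append(f"static ARP {ip} -> {mac} matches no secure MAC")
    return secure, arp, findings

if __name__ == "__main__":
    for finding in audit(SAMPLE)[2]:
        print(finding)
```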



This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3