From: Larson, Chris (CLarson@usaid.gov)
Date: Tue Mar 18 2003 - 16:41:15 GMT-3
If your confident that any description of an IP address or anything else
means it is probably used in the solution then it is likely you have not
been to the lab yet. Some questions are meant to confuse and/or have
superflous information that has no relevance to the solution whatsoever.
This is one of the ways to distinguish between candidates who know the
technology and those who may not. It won't take a good candidate too long to
figure out that port-security is what the proctor or exam is probably
looking for as it is the solution that will most completely meet the
requirements of the questions.
> -----Original Message-----
> From: ccie1@hotmail.com [SMTP:ccie1@hotmail.com]
> Sent: Monday, March 17, 2003 1:31 PM
> To: Scott M. Livingston; ccielab@groupstudy.com
> Subject: Re: port filtering
>
> Im fairly confident that any description of a ip address on a question in
> the lab is used somewhere in the solution. Otherwise, why would they
> bother
> mentioning it?
>
> Im just having trouble finding out where to plug the mac-address portion
> of
> the question.
>
> Thanks for all your input Scott.
>
> ----- Original Message -----
> From: "Scott M. Livingston" <scottl@sprinthosting.net>
> To: <ccie1@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Monday, March 17, 2003 10:19 AM
> Subject: RE: port filtering
>
>
> > I guess you could look at it another way too, but if this were a real
> > task in the lab you would need to ask the proctor about the following.
> >
> > The L3 address is just extra info and you really don't need to use
> > anything other than port security...??
> >
> > Thanks,
> > scott
> >
> > -----Original Message-----
> > From: ccie1@hotmail.com [mailto:ccie1@hotmail.com]
> > Sent: Monday, March 17, 2003 12:04 PM
> > To: Scott M. Livingston; ccielab@groupstudy.com
> > Subject: Re: port filtering
> >
> > Hi Scott:
> > I could use a vlan map, but vlan maps use access-lists, and
> > the
> > requirement is to not use any L3 or L2 access-lists. Am i missing
> > something
> > here?
> >
> >
> > ----- Original Message -----
> > From: "Scott M. Livingston" <scottl@sprinthosting.net>
> > To: <ccie1@hotmail.com>; <ccielab@groupstudy.com>
> > Sent: Monday, March 17, 2003 9:58 AM
> > Subject: RE: port filtering
> >
> >
> > > HMMMMM??? Port security will work for the L2 side of the task. What
> > > about the port security configuration didn't work for you? As far as
> > > using something for the L3 (host IP) I can only think of an L3 ip ACL.
> > > If there is more to the task than locking an IP to a port then I guess
> > > you could use a VLAN Map?
> > >
> > > Thanks,
> > > scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
> > Of
> > > ccie1@hotmail.com
> > > Sent: Monday, March 17, 2003 10:11 AM
> > > To: ccielab@groupstudy.com
> > > Subject: port filtering
> > >
> > > I know this has been discussed before, but i have tried some of the
> > > solutions
> > > people have posted and they dont seem to work:
> > >
> > > I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> > 12.3.1.1
> > > on
> > > port fast-etjhernet 0/16 on my 3550. The requirement is to not use
> > layer
> > > 3 or
> > > layer 2 access-lists. I tried using port-security with the mac-address
> > > but
> > > that doesnt seem to work. Does anyone have any ideas on how to do
> > this?
> > >
> > > thanks in advance
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:41 GMT-3