From: Jung, Jin (jin.jung@lmco.com)
Date: Wed Mar 19 2003 - 11:08:11 GMT-3
Absolutely!!!
One thing to add, If you go back to exam with cat5000, we had this same kind
of question for cat5000,, " only allow host with ip address x.x.x.x with Mac
address X.X.X on port 3/6 .... "
This solution for this was to enable port-security nothing but
port-security,
Now only difference is we have cat3550, but the question is basically
same...
Yes, cat3550 has a lots of new features, but for this question, concept did
not change.
Jin jung...
-----Original Message-----
From: Larson, Chris [mailto:CLarson@usaid.gov]
Sent: Tuesday, March 18, 2003 2:41 PM
To: 'ccie1@hotmail.com'; Scott M. Livingston; ccielab@groupstudy.com
Subject: RE: port filtering
If your confident that any description of an IP address or anything else
means it is probably used in the solution then it is likely you have not
been to the lab yet. Some questions are meant to confuse and/or have
superflous information that has no relevance to the solution whatsoever.
This is one of the ways to distinguish between candidates who know the
technology and those who may not. It won't take a good candidate too long to
figure out that port-security is what the proctor or exam is probably
looking for as it is the solution that will most completely meet the
requirements of the questions.
> -----Original Message-----
> From: ccie1@hotmail.com [SMTP:ccie1@hotmail.com]
> Sent: Monday, March 17, 2003 1:31 PM
> To: Scott M. Livingston; ccielab@groupstudy.com
> Subject: Re: port filtering
>
> Im fairly confident that any description of a ip address on a question
> in the lab is used somewhere in the solution. Otherwise, why would
> they bother mentioning it?
>
> Im just having trouble finding out where to plug the mac-address
> portion of the question.
>
> Thanks for all your input Scott.
>
> ----- Original Message -----
> From: "Scott M. Livingston" <scottl@sprinthosting.net>
> To: <ccie1@hotmail.com>; <ccielab@groupstudy.com>
> Sent: Monday, March 17, 2003 10:19 AM
> Subject: RE: port filtering
>
>
> > I guess you could look at it another way too, but if this were a
> > real task in the lab you would need to ask the proctor about the
> > following.
> >
> > The L3 address is just extra info and you really don't need to use
> > anything other than port security...??
> >
> > Thanks,
> > scott
> >
> > -----Original Message-----
> > From: ccie1@hotmail.com [mailto:ccie1@hotmail.com]
> > Sent: Monday, March 17, 2003 12:04 PM
> > To: Scott M. Livingston; ccielab@groupstudy.com
> > Subject: Re: port filtering
> >
> > Hi Scott:
> > I could use a vlan map, but vlan maps use access-lists,
> > and the requirement is to not use any L3 or L2 access-lists. Am i
> > missing something
> > here?
> >
> >
> > ----- Original Message -----
> > From: "Scott M. Livingston" <scottl@sprinthosting.net>
> > To: <ccie1@hotmail.com>; <ccielab@groupstudy.com>
> > Sent: Monday, March 17, 2003 9:58 AM
> > Subject: RE: port filtering
> >
> >
> > > HMMMMM??? Port security will work for the L2 side of the task.
> > > What about the port security configuration didn't work for you? As
> > > far as using something for the L3 (host IP) I can only think of an
> > > L3 ip ACL. If there is more to the task than locking an IP to a
> > > port then I guess you could use a VLAN Map?
> > >
> > > Thanks,
> > > scott
> > >
> > > -----Original Message-----
> > > From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
> > > Behalf
> > Of
> > > ccie1@hotmail.com
> > > Sent: Monday, March 17, 2003 10:11 AM
> > > To: ccielab@groupstudy.com
> > > Subject: port filtering
> > >
> > > I know this has been discussed before, but i have tried some of
> > > the solutions people have posted and they dont seem to work:
> > >
> > > I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> > 12.3.1.1
> > > on
> > > port fast-etjhernet 0/16 on my 3550. The requirement is to not use
> > layer
> > > 3 or
> > > layer 2 access-lists. I tried using port-security with the
> > > mac-address but that doesnt seem to work. Does anyone have any
> > > ideas on how to do
> > this?
> > >
> > > thanks in advance
This archive was generated by hypermail 2.1.4 : Sat Apr 05 2003 - 08:51:42 GMT-3