RE: port filtering

From: Evgeny Tantsura (ivgen@castel.nl)
Date: Wed Apr 02 2003 - 21:06:50 GMT-3


Hi,

I opened this issue about 2 months ago.
I did a lot of tests.
There is no solution, you have to use some kind of layer 3 access-list.

> If I recall, and this has been talked about before,
>
> For L2, make sure you have
> Switchport mode access
> Switchport port-security
> Switchport port-security <mac-address>
>
> And
> Do static ARP entry on the 3550
>
> Arp 150.50.120.3 0000.00001.00ab
>
> This should work, it worked for me,
>
> Jin jung...
>
> -----Original Message-----
> From: Syv Ritch [mailto:syv@911networks.com]
> Sent: Monday, March 17, 2003 1:53 PM
> To: ccie1@hotmail.com
> Cc: ccielab@groupstudy.com
> Subject: Re: port filtering
>
>
> On Monday, March 17, 2003, ccie1@hotmail.com wrote:
>
> -----Original Message-----
>
> chc> I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> chc> 12.3.1.1 on port fast-ethernet 0/16 on my 3550. The requirement is
> chc> to not use layer 3 or layer 2 access-lists. I tried using
> chc> port-security with the mac-address but that doesn't seem to work.
> chc> Does anyone have any ideas on how to do this?
>
> What about:
>
> !vmps domain <domain-name>
> ! The VMPS domain must be defined.
> !vmps mode {open | secure}
> ! The default mode is open.
> !vmps fallback <vlan-name>
> !vmps no-domain-req { allow | deny }
> !
> ! The default value is allow.
> vmps domain DSBU
> vmps mode open
> vmps fallback default
> vmps no-domain-req deny
> !
> !
> !MAC Addresses
> !
> vmps-mac-addrs
> !
> ! address <addr> vlan-name <vlan_name>
> !
> address 0012.2233.4455 vlan-name hardware
> address 0000.6509.a080 vlan-name hardware
> address aabb.ccdd.eeff vlan-name Green
> address 1223.5678.9abc vlan-name ExecStaff
> address fedc.ba98.7654 vlan-name --NONE--
> address fedc.ba23.1245 vlan-name Purple
> !
> !Port Groups
> !
> !vmps-port-group <group-name>
> ! device <device-id> { port <port-name> | all-ports }
> !
> vmps-port-group WiringCloset1
> device 198.92.30.32 port 0/2
> device 172.20.26.141 port 0/8
> vmps-port-group "Executive Row"
> device 198.4.254.222 port 0/2
> device 198.4.254.222 port 0/3
> device 198.4.254.223 all-ports
>
>

With kind regards/ met vriendelijke groeten,
------------------------------------------------
E. Tantsura
Network Developer
Essent Kabelcom N.V.
Dr.van Deenweg 84
8025BN Zwolle, The Netherlands
Tel: +31-(0)38-850-7642
Fax: +31-(0)38-850-7410
Mob: +31-(0)6-290-80458
------------------------------------------------
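
Added example, not part of the original thread: a small Python parser for the VMPS database format quoted above, showing what the server would answer for a given MAC address. The decision rules (fallback VLAN for unknown MACs, `--NONE--` as an explicit deny, shutdown instead of deny in secure mode) are assumptions based on Cisco's documented VMPS behaviour; port groups are ignored and all function names are illustrative.

```python
import re

# Constructed sample: a few entries in the VMPS database format quoted above.
SAMPLE_DB = """\
!vmps domain <domain-name>
vmps domain DSBU
vmps mode open
vmps fallback default
vmps no-domain-req deny
!
vmps-mac-addrs
address 0012.2233.4455 vlan-name hardware
address aabb.ccdd.eeff vlan-name Green
address fedc.ba98.7654 vlan-name --NONE--
!
vmps-port-group WiringCloset1
 device 198.92.30.32 port 0/2
"""

def norm_mac(mac):
    """Normalise any common MAC notation to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return digits

def parse_vmps(text):
    """Return (settings, mac_table) from a VMPS database file."""
    settings, macs = {"mode": "open", "fallback": None}, {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue  # blank line or comment
        words = line.split()
        if words[0] == "vmps" and len(words) >= 3:
            settings[words[1]] = words[2]
        elif words[0] == "address" and len(words) == 4 and words[2] == "vlan-name":
            macs[norm_mac(words[1])] = words[3]
    return settings, macs

def decide(settings, macs, mac):
    """Decision the server would return for a MAC (assumed semantics)."""
    vlan = macs.get(norm_mac(mac))
    if vlan is None:
        vlan = settings["fallback"]  # unknown MAC falls back, if configured
    if vlan is None or vlan == "--NONE--":
        return "port-shutdown" if settings["mode"] == "secure" else "access-denied"
    return "vlan " + vlan
```

With `vmps fallback default` set, a MAC that is not listed still receives a VLAN, so this database on its own does not limit a port to a single known host.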


