Reg: Port security

From: bobby (bobby1@ctimail3.com)
Date: Tue Apr 22 2003 - 07:33:38 GMT-3

• Next message: pierreg : "Re: ospf over nbma- neighbor statements necessary on which"
• Previous message: Daniel Cisco Group Study: "RE: Frame Relay: Map disables Inverse Arp? SOLVED!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Hi,

I want to only allow mac-address 0800.E4D3.A2D1 with ip address 10.1.1.1 on
port fast-etjhernet 0/10 on my 3550. The requirement is to not use layer 3 or
layer 2 access-lists. I have used port security and here are my configs :

interface FastEthernet 0/10
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 8000.E4D3.A2D1

Now the above will tack care for the mac address part. Now for the ip part I
have seen some posting mentioning to use
static arp entry also :

arp 10.1.1.1 8000.E4D3.A2D1

Even the above is not working. Now the only solution left
out is use vlan maps. But it will block the traffic in the whole vlan for the
particular ip address

Any advise / comments ?

Tks

• Next message: pierreg : "Re: ospf over nbma- neighbor statements necessary on which"
• Previous message: Daniel Cisco Group Study: "RE: Frame Relay: Map disables Inverse Arp? SOLVED!!!"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Thu May 01 2003 - 13:36:00 GMT-3