From: Daniel Cisco Group Study (danielcgs@imc.net.au)
Date: Fri May 09 2003 - 19:55:31 GMT-3
I don't think that VLAN Maps will help here. I know that people have suggested it in the past, but I have never seen a config to do this, nor can I think of one....
Anyone?
Daniel
-----Original Message-----
From: bobby [mailto:bobby1@ctimail3.com]
Sent: Tuesday, 22 April 2003 20:34
To: ccielab@groupstudy.com
Subject: Reg: Port security
Hi,
I want to only allow mac-address 0800.E4D3.A2D1 with ip address 10.1.1.1 on
port fast-etjhernet 0/10 on my 3550. The requirement is to not use layer 3 or
layer 2 access-lists. I have used port security and here are my configs :
interface FastEthernet 0/10
switchport port-security
switchport port-security maximum 1
switchport port-security mac-address 8000.E4D3.A2D1
Now the above will tack care for the mac address part. Now for the ip part I
have seen some posting mentioning to use
static arp entry also :
arp 10.1.1.1 8000.E4D3.A2D1
Even the above is not working. Now the only solution left
out is use vlan maps. But it will block the traffic in the whole vlan for the
particular ip address
Any advise / comments ?
Tks
**********************************************************************
This email and any files transmitted with it are confidential and
intended solely for the use of the individual or entity to whom they
are addressed. If you have received this email in error please notify
the system manager.
This footnote also confirms that this email message has been swept by
MIMEsweeper for the presence of computer viruses.
www.mimesweeper.com
**********************************************************************
This archive was generated by hypermail 2.1.4 : Mon Jun 02 2003 - 15:13:40 GMT-3