AW: ARP Question?

From: Oliver Ziltener (ziltener@netcloud.ch)
Date: Fri Aug 01 2003 - 14:58:37 GMT-3

• Next message: Oliver Ziltener: "Solved: different behavior with port-security Cat4500 / Cat3550"
• Previous message: Walker, James - Is: "RE: GroupStudy Store Grand Opening ..."
• Next in thread: ccie2002@tampabay.rr.com: "Re: AW: ARP Question?"
• Maybe reply: ccie2002@tampabay.rr.com: "Re: AW: ARP Question?"
• Maybe reply: Glenn Johnson: "RE: AW: ARP Question?"
• Maybe reply: MMoniz: "RE: AW: ARP Question?"
• Maybe reply: Amer Mdanat (amdanat): "RE: AW: ARP Question?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Did you try "no arp arpa" on the unterface?

Oliver

-----Urspr|ngliche Nachricht-----
Von: Amer Mdanat (amdanat) [mailto:amdanat@cisco.com]
Gesendet: Donnerstag, 31. Juli 2003 18:03
An: g.duncanson; Glenn Johnson; ccielab@groupstudy.com
Betreff: RE: ARP Question?

So guys what if you only want to allow the host with MAC
[1111.2222.3333] which must also have IP address [1.1.1.1]
I guess the only way would be to use port security based on MAC address
to make sure that the port is only up when this MAC is connected and
also apply an ACL to only forward packets to and from 1.1.1.1? What do
you think? Any better way of doing this?

Amer

-----Original Message-----
From: g.duncanson [mailto:g.duncanson@pindar.com]
Sent: 30 July 2003 13:57
To: Glenn Johnson; ccielab@groupstudy.com
Subject: Re: ARP Question?

Just to agree with Glenn, I found this on the web..

http://www.cisco.com/en/US/products/hw/switches/ps646/products_configura
tion_guide_chapter09186a008007f37c.html#xtocid14

This example shows how to configure a secure MAC address on Fast
Ethernet port 12 and verify the configuration. Switch# configure
terminal

Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)# interface fastethernet0/12 Switch(config-if)# switchport
mode access Switch(config-if)# switchport port-security
Switch(config-if)# switchport port-security mac-address 1000.2000.3000
Switch(config-if)# end

Switch# show port-security address

          Secure Mac Address Table
------------------------------------------------------------
 
Vlan Mac Address Type Ports
---- ----------- ---- -----
   1 1000.2000.3000 SecureConfigured Fa0/12

On 7/30/03 6:50 AM, Glenn Johnson <gjcomcast@comcast.net> wrote:
>From what I can understand of your question, you want to:
>
> 1) Have one (and only one) host use FA0/10.
> 2) That host's MAC is 0000.2222.3333.
> 3) [I assume that you meant] No one else can use FA0/10.
>
> I would set this up with a MAC address as you did below and not
worry
>about the IP address issue. I think it's a distractor if your only
>goal is to limit access to one physical port to one physical MAC
>address/host.
>
>-----Original Message-----
>From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf
>Of Poor
>Ghost
>Sent: Wednesday, July 30, 2003 1:25 AM
>To: ccielab@groupstudy.com
>Subject: ARP Question?
>
>
>Hi,all.
>
>A host is connected to the port Fa 0/10 of catalyst 3550,the ip address
>of
>the host is 192.168.20.5. Only permit one host can use this port
>with MAC
>address 0000.2222.3333. Anyone else can use this port(Fa 0/10).
>
>I configured the 3550 switch as flowing:
>
>int f 0/10
> switchport mode access
> switchport port-security
> switchport port-security mac-address 0000.2222.3333
> switchport violation shutdown
>!
>arp 192.168.20.5 0000.2222.3333 arpa fa0/10
>
>But,it did not work.
>I changed the ip add to 192.168.20.11,but I still can use the port
>Fa0/10.
>Pleas help me!
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>
>_______________________________________________________________________
>You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
>
>Subscription information may be found at:
>http://www.groupstudy.com/list/CCIELab.html
>
>

**********************************************************************
This email and its attachments are intended for the above
named only and may be confidential. If they have come to
you in error, you must take no action based on them, nor
must you copy or show them to anyone; please reply to this
email and highlight the error.
Security Warning: Please note that this email has been
created in the knowledge that the internet email is not a
100% secure communications medium. We advise that you
understand and observe this lack of security when emailing us.
Viruses: Although we have taken steps to ensure that this
email and attachments are free from any virus, we advise
that in keeping with good computing practice the recipient
should ensure they are actually virus free.
If you have received this email in error please notify:
postmaster@pindar.com
**********************************************************************

• Next message: Oliver Ziltener: "Solved: different behavior with port-security Cat4500 / Cat3550"
• Previous message: Walker, James - Is: "RE: GroupStudy Store Grand Opening ..."
• Next in thread: ccie2002@tampabay.rr.com: "Re: AW: ARP Question?"
• Maybe reply: ccie2002@tampabay.rr.com: "Re: AW: ARP Question?"
• Maybe reply: Glenn Johnson: "RE: AW: ARP Question?"
• Maybe reply: MMoniz: "RE: AW: ARP Question?"
• Maybe reply: Amer Mdanat (amdanat): "RE: AW: ARP Question?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:53:51 GMT-3