From: Jon Campbell (jcampbell2000@earthlink.net)
Date: Sun Aug 24 2003 - 11:03:54 GMT-3
Of course, if the task is to "restict access to port f0/1 to only a
single PC with a mac address
0000.000d.1234.5678 and an IP address of 192.168.1.10/24", you would
need the access-list. I'll stop obsessing now :-).
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jon Campbell
Sent: Saturday, August 23, 2003 3:34 PM
To: 'James Stewart'; ccielab@groupstudy.com
Subject: RE: 3550 restict access
Why the need for the access-list?? The port-security will restrict the
port to the mac-address no matter what the IP address is.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James Stewart
Sent: Wednesday, August 20, 2003 2:17 PM
To: ccielab@groupstudy.com
Subject: 3550 restict access
Hi all
I need to restict access to port f0/1 to only a single PC with a mac
address
0000.000d.1234.5678 which has an IP address of 192.168.1.10/24. Is the
way forward to use interface fastethernet0/1 switchport port-security
switchport port-security maximum 1 switchport port-security mac-address
0000.000d.1234.5678.
Then use an access list on the port
access-list 1 permit host 192.168.1.10
interface fastethernet0/1
access-group 1 in
Or is there a better way?
Over to you
Thanks Jim
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:05 GMT-3