From: Charles Yin (yin1752@ms4.hinet.net)
Date: Sun Aug 24 2003 - 23:09:36 GMT-3
Hi guys,
You can put the port security. Set the port Max connection=1 and port security only allow 0000.000d.1234.5678! then that you need to put a static ARP table. Please try to not use ACL to filter!
Best regards
Charles Yin
E-mail : yin1752@ms4.hinet.net
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of Jon Campbell
Sent: Sunday, August 24, 2003 10:04 PM
To: 'Jon Campbell'; 'James Stewart'; ccielab@groupstudy.com
Subject: RE: 3550 restict access
Of course, if the task is to "restict access to port f0/1 to only a
single PC with a mac address
0000.000d.1234.5678 and an IP address of 192.168.1.10/24", you would
need the access-list. I'll stop obsessing now :-).
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jon Campbell
Sent: Saturday, August 23, 2003 3:34 PM
To: 'James Stewart'; ccielab@groupstudy.com
Subject: RE: 3550 restict access
Why the need for the access-list?? The port-security will restrict the
port to the mac-address no matter what the IP address is.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James Stewart
Sent: Wednesday, August 20, 2003 2:17 PM
To: ccielab@groupstudy.com
Subject: 3550 restict access
Hi all
I need to restict access to port f0/1 to only a single PC with a mac
address
0000.000d.1234.5678 which has an IP address of 192.168.1.10/24. Is the
way forward to use interface fastethernet0/1 switchport port-security
switchport port-security maximum 1 switchport port-security mac-address
0000.000d.1234.5678.
Then use an access list on the port
access-list 1 permit host 192.168.1.10
interface fastethernet0/1
access-group 1 in
Or is there a better way?
Over to you
Thanks Jim
This archive was generated by hypermail 2.1.4 : Tue Sep 02 2003 - 18:54:06 GMT-3