RE: 3550 restrict access

From: Mike Williams (ccie2be@swbell.net)
Date: Mon Aug 25 2003 - 01:33:41 GMT-3


The static ARP only matters if the switch is the L3 device routing for
that PC's subnet, though. If it's simply acting as the L2 switch, a static
ARP entry would only let the switch itself resolve the IP to a MAC, not
other devices in the subnet, and therefore the PC would still be able to
communicate IP with other IP addresses...

Mike W.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Charles Yin
Sent: Sunday, August 24, 2003 9:10 PM
To: Jon Campbell; 'James Stewart'; ccielab@groupstudy.com
Subject: RE: 3550 restrict access

Hi guys,
You can use port security. Set the port Max connection=1 and have port
security only allow 0000.000d.1234.5678! Then you need to put in a
static ARP table. Please try not to use an ACL to filter!

Best regards

Charles Yin
E-mail : yin1752@ms4.hinet.net

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jon Campbell
Sent: Sunday, August 24, 2003 10:04 PM
To: 'Jon Campbell'; 'James Stewart'; ccielab@groupstudy.com
Subject: RE: 3550 restrict access

Of course, if the task is to "restrict access to port f0/1 to only a
single PC with a mac address 0000.000d.1234.5678 and an IP address of
192.168.1.10/24", you would need the access-list. I'll stop obsessing
now :-).

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Jon Campbell
Sent: Saturday, August 23, 2003 3:34 PM
To: 'James Stewart'; ccielab@groupstudy.com
Subject: RE: 3550 restrict access

Why the need for the access-list?? The port-security will restrict the
port to the mac-address no matter what the IP address is.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
James Stewart
Sent: Wednesday, August 20, 2003 2:17 PM
To: ccielab@groupstudy.com
Subject: 3550 restrict access

Hi all

I need to restrict access to port f0/1 to only a single PC with a mac
address 0000.000d.1234.5678 which has an IP address of 192.168.1.10/24.
Is the way forward to use

interface fastethernet0/1
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.000d.1234.5678

Then use an access list on the port

access-list 1 permit host 192.168.1.10
interface fastethernet0/1
 ip access-group 1 in

Or is there a better way?

Over to you

Thanks Jim
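
Added example, not part of the original thread or written by any poster: a small Python check that a saved switch configuration actually applies the combination discussed above (port security limited to one static MAC, plus an inbound IP ACL permitting a single host). The sample configuration, the interface names and the MAC address in it are constructed placeholders.

```python
import re
# Constructed sample config (not from the thread); the MAC is a placeholder value.
SAMPLE = """\
interface FastEthernet0/1
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.0c12.3456
 ip access-group 1 in
interface FastEthernet0/2
 switchport port-security
 switchport port-security maximum 5
access-list 1 permit host 192.168.1.10
"""

# Cisco dotted MAC notation: three groups of four hex digits.
CISCO_MAC = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$", re.I)

def stanzas(config):
    """Map each interface name to the list of its sub-commands."""
    out, current = {}, None
    for line in config.splitlines():
        if line.lower().startswith("interface "):
            current = line.split(None, 1)[1]
            out[current] = []
        elif line.startswith(" ") and current:
            out[current].append(line.strip())
        else:
            current = None  # a global command ends the interface stanza
    return out

def audit(config, ifname):
    """Return a list of findings for one access port; empty means it passes."""
    cmds = stanzas(config).get(ifname)
    if cmds is None:
        return ["interface not found"]
    findings = []
    if "switchport port-security" not in cmds:
        findings.append("port-security not enabled")
    limits = [c.split()[-1] for c in cmds if c.startswith("switchport port-security maximum ")]
    if limits and limits[-1] != "1":  # when the line is absent the default maximum is 1
        findings.append("maximum is %s, expected 1" % limits[-1])
    macs = [c.split()[-1] for c in cmds if c.startswith("switchport port-security mac-address ")]
    if not any(CISCO_MAC.match(m) for m in macs):
        findings.append("no valid static secure MAC")
    acl = [c.split()[2] for c in cmds if re.match(r"ip access-group \S+ in$", c)]
    if not acl:
        findings.append("no inbound IP ACL")
    elif not re.search(r"^access-list %s permit host \S+$" % re.escape(acl[0]), config, re.M):
        findings.append("ACL %s has no 'permit host' entry" % acl[0])
    return findings
```

audit(SAMPLE, "FastEthernet0/1") returns an empty list; the second interface in the sample fails three of the checks.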


