From: Charles Church (cchurch@wamnet.com)
Date: Thu Aug 28 2003 - 12:22:37 GMT-3
James,
The port security is right, but I'd use an access-list on the port to limit
the IP address. A static ARP on the switch will only affect IP connectivity
between the switch's layer 3 address and the PC. It wouldn't limit the PC
from reaching other devices on the same VLAN.
Chuck Church
CCIE #8776, MCNE, MCSE
Wam!Net Government Services
13665 Dulles Technology Dr. Ste 250
Herndon, VA 20171
Office: 703-480-2569
Cell: 703-819-3495
cchurch@wamnet.com
PGP key: http://pgp.mit.edu:11371/pks/lookup?search=chuck+church&op=index
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
James Stewart
Sent: Thursday, August 28, 2003 8:52 AM
To: ccielab@groupstudy.com
Subject: 3550 port in public area
Hi group
My lab requirement is that a 3550 port f0/10 is in a public area and only
MAC address 0000.0c98.1234 with an IP address of 192.168.1.50 can get
access.
This is a similar question as to my '3550 Restrict Access' question.
There it was decided - I think, that port security and a static ARP was the
solution.
I have just read the config guide for the 3550 and have come across '802.1X
Port-Based Authentication'.
It says "The 802.1X standard defines a client-server-based access control
and authentication protocol that restricts unauthorized clients from
connecting to a LAN through publicly accessible ports.
The authentication server authenticates each client connected to a switch
port before making available any services offered by the switch or the LAN."
Does this require an Authentication Server? Or can an ACL be used - if so
what type IP and/or MAC?
Is this method password protected rather than address protected?
Many thanks
Jim
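
Added example, not part of either message above: a sketch of the port security plus port access-list combination from the reply, using the MAC and IP address given in the question. The ACL name PUBLIC-PORT and the violation mode are assumptions, as is a 3550 software image that accepts an IP access-group on a Layer 2 port.

```cisco
! Constructed example. The ACL name PUBLIC-PORT is an assumption.
! Standard ACL: permit the one source IP; the implicit deny at the
! end drops IP packets from any other source address.
ip access-list standard PUBLIC-PORT
 permit host 192.168.1.50
!
! Layer 2 check: port security allows only the one MAC on f0/10.
! Layer 3 check: the inbound port ACL limits the source IP toward
! every destination, including other hosts in the same VLAN, which
! a static ARP entry on the switch would not do.
interface FastEthernet0/10
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.0c98.1234
 switchport port-security violation shutdown
 ip access-group PUBLIC-PORT in
```

`show port-security interface FastEthernet0/10` and `show ip access-lists PUBLIC-PORT` confirm the secure MAC and the ACL once applied.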