Re: 3550 port in public area

From: boby2kusa@hotmail.com
Date: Thu Aug 28 2003 - 13:47:09 GMT-3


I think the requirement is throwing the IP address in there, but actually if
you configure port security and use the MAC address and limit the port to
one MAC, it does not matter what the IP address is. If that port detects a
MAC address that is not allowed, it will not connect that PC/laptop. You can
also use a VLAN map for the IP address, which just basically means you'll be
blocking this IP address from going through this switch. VLAN maps are not
tied to any port, but I think port security is enough. Test it out in the
lab and you'll see what I'm talking about.
----- Original Message -----
From: "James Stewart" <j_t_s_stewart@hotmail.com>
To: <jhays@jtan.com>; <ccielab@groupstudy.com>
Sent: Thursday, August 28, 2003 6:50 AM
Subject: RE: 3550 port in public area

> Hi Jonathan
>
> The link is where I got the information for the question/query.
> What I would like to know is an appropriate solution, or is it a sledge
> hammer to crack a very small nut.
> The restriction is for MAC/IP address, not a password. Does 802.1X solve
> this?
>
> Many thanks
> Jim
>
>
> >From: "Jonathan V Hays" <jhays@jtan.com>
> >To: "'James Stewart'" <j_t_s_stewart@hotmail.com>, <ccielab@groupstudy.com>
> >Subject: RE: 3550 port in public area
> >Date: Thu, 28 Aug 2003 09:32:02 -0400
> >
> >Reading this link will probably answer most of your questions.
> >
> >http://www.cisco.com/univercd/cc/td/doc/product/lan/c3550/12114ea1/3550scg/sw8021x.htm
> >
> >
> >-----Original Message-----
> >From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
> >James Stewart
> >Sent: Thursday, August 28, 2003 8:52 AM
> >To: ccielab@groupstudy.com
> >Subject: 3550 port in public area
> >
> >
> >Hi group
> >
> >My lab requirement is that a 3550 port f0/10 is in a public area and only
> >MAC address 0000.0c98.1234 with an IP address of 192.168.1.50 can get
> >access.
> >This is a similar question to my '3550 Restrict Access' question.
> >
> >There it was decided - I think - that port security and a static ARP was
> >the solution.
> >
> >I have just read the config guide for the 3550 and have come across
> >'802.1X Port-Based Authentication'.
> >It says "The 802.1X standard defines a client-server-based access control
> >and authentication protocol that restricts unauthorized clients from
> >connecting to a LAN through publicly accessible ports.
> >The authentication server authenticates each client connected to a switch
> >port before making available any services offered by the switch or the
> >LAN."
> >Does this require an Authentication Server? Or can an ACL be used - if so,
> >what type, IP and/or MAC?
> >
> >Is this method password protected rather than address protected?
> >
> >Many thanks
> >Jim
> >
> >_______________________________________________________________________
> >You are subscribed to the GroupStudy.com CCIE R&S Discussion Group.
> >
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
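
The port-security approach suggested in the reply at the top of this thread, written out for the port and MAC address given in the original question. This is an added example, not configuration posted by anyone in the thread; it assumes f0/10 is an access port, and it enforces only the MAC restriction, not the 192.168.1.50 address.

```cisco
! Added example (not from the thread): port security on the public-area port.
! Interface and MAC address are the ones given in the original question.
interface FastEthernet0/10
 ! Port security is rejected on a port left in the default dynamic mode,
 ! so make it a static access port first
 switchport mode access
 ! Enable the feature; the settings below are inactive without this line
 switchport port-security
 ! Allow exactly one secure MAC address on this port
 switchport port-security maximum 1
 ! Statically bind the one permitted host
 switchport port-security mac-address 0000.0c98.1234
 ! Err-disable the port if any other source MAC is seen (the default mode)
 switchport port-security violation shutdown
!
! Verification from privileged EXEC:
!   show port-security interface FastEthernet0/10
!   show port-security address
```

After a violation the port stays err-disabled until it is brought back, for example with `shutdown` followed by `no shutdown` on the interface.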


