From: David Hiers (David_Hiers@adp.com)
Date: Tue Dec 02 2003 - 21:45:27 GMT-3
My thought would be to note what was *not* required. You are not required to shut down the port if a non-authorized mac address shows up, so I'd lean away from anything that might do so (especially since I'm sure to leave it in the default "shutdown" mode!).
In the face of this kind of ambiguity, I'd tend to try to do what is explicitly required, and try to avoid introducing any behavior that is not explicitly required.
David
********************************************
David Hiers
CCIE, CISSP
ADP Dealer Services
2525 SW First Avenue
Portland, OR 97201
v: 503 402 3703
email: david_hiers@adp.com
********************************************
-----Original Message-----
From: Tony Schaffran [mailto:groupstudy@cconlinelabs.com]
Sent: Tuesday, December 02, 2003 4:09 PM
To: Danny.Andaluz@triaton-na.com; ccielab@groupstudy.com
Subject: RE: switchport security or mac access-list??
I would go with the security. You can usually tell when they are fishing
for an access list. An access list is the easy way out.
Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Danny.Andaluz@triaton-na.com
Sent: Tuesday, December 02, 2003 3:57 PM
To: ccielab@groupstudy.com
Subject: switchport security or mac access-list??
Hey, Group. If a requirement states to only allow mac-address
1111.1111.1111 on port f0/15, would it be ok to configure a mac access-list
only allowing this mac or would switchport security with the mac address be
the way to go? They both satisfy the requirement. Not sure on this one.
Thanks,
Danny
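
The two options discussed in this thread, side by side, as an added example that is not part of the original messages. It assumes Catalyst IOS syntax; the ACL name ONLY-1111 is hypothetical, and the non-default violation mode follows the point made in the first reply about not shutting the port down.

```cisco
! Option A: port security with one static secure MAC on f0/15.
interface FastEthernet0/15
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 1111.1111.1111
 ! Default violation mode is "shutdown" (port goes err-disabled).
 ! "restrict" drops frames from other MACs, counts the violation and
 ! logs it, and leaves the port up. "protect" drops silently.
 switchport port-security violation restrict
!
! Check: show port-security interface FastEthernet0/15
!
! Option B (alternative to A): MAC extended ACL, inbound on the port.
! ONLY-1111 is a hypothetical name.
mac access-list extended ONLY-1111
 permit host 1111.1111.1111 any
 ! Implicit deny drops frames from every other source MAC.
!
interface FastEthernet0/15
 mac access-group ONLY-1111 in
!
! Caveat: on Catalyst 3550-class switches a MAC ACL applied this way
! matches non-IP frames only, so IP traffic from other source MACs is
! not filtered by it. Port security (option A) applies to all frames.
```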
This archive was generated by hypermail 2.1.4 : Sat Jan 03 2004 - 08:25:35 GMT-3