From: Bob Sinclair (bsin@cox.net)
Date: Sun Jan 18 2004 - 14:51:56 GMT-3
Virtually all of the 3550 security options that come to mind require an
access list to identify filtered traffic. If all uses of access lists are
definitely rule out, then perhaps your options are narrowed to just port
security or protected port. The former relies on source mac addresses only,
so I am not sure how this will solve your problem. If the port associated
with the destination ip address is on the same switch and in the same vlan
as your source, then perhaps the protected port feature would work. Can you
post the entire scenario? Is it possible that the access-list restriction
is worded in a way that would permit a vlan map?
HTH,
Bob Sinclair
CCIE #10427, CISSP, MCSE
www.netmasterclass.net
----- Original Message -----
From: <wwwjjang@chol.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, January 18, 2004 9:54 AM
Subject: Cat3550's Security..
> Hi..everyone
> How can i config this Cat3550's Security ??
>
> Pleae Help me..
>
> ----------
> Question
> ----------
> -A Laptop is connected to the fastethernet 0/5 of cat 3550.
> -Only When you access to the 150.150.150.1/24 from your laptop
> (Mac-address 0001.0001.2345), you can permit to "Drop".
> -When you access to the other address except 150.150.150.1/24,
> You cannot "Drop"
> -You cannot use L2 & L3-ACL..
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:47 GMT-3