Re: Cat3550's Security..

From: miken (miken@sisna.com)
Date: Sun Jan 18 2004 - 15:59:05 GMT-3

• Next message: Mark Rushby: "route-map tags"
• Previous message: Jim Feldman: "RE: RSVP-Question for RTP-Packet..."
• Maybe in reply to: wwwjjang@chol.com: "Cat3550's Security.."
• Next in thread: Scott Morris: "RE: Cat3550's Security.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

What other protocols and technologies do you have available that will help
solve the requirement? How about combining port security as Bob notes below
in combination with using ARP in a way that binds the MAC to the IP address.

HTH,
Mike Nygard, CCIE#12602

----- Original Message -----
From: "Bob Sinclair" <bsin@cox.net>
To: <wwwjjang@chol.com>; <ccielab@groupstudy.com>
Sent: Sunday, January 18, 2004 10:51 AM
Subject: Re: Cat3550's Security..

> Virtually all of the 3550 security options that come to mind require an
> access list to identify filtered traffic. If all uses of access lists are
> definitely rule out, then perhaps your options are narrowed to just port
> security or protected port. The former relies on source mac addresses
only,
> so I am not sure how this will solve your problem. If the port
associated
> with the destination ip address is on the same switch and in the same vlan
> as your source, then perhaps the protected port feature would work. Can
you
> post the entire scenario? Is it possible that the access-list restriction
> is worded in a way that would permit a vlan map?
>
> HTH,
>
> Bob Sinclair
> CCIE #10427, CISSP, MCSE
> www.netmasterclass.net
>
>
> ----- Original Message -----
> From: <wwwjjang@chol.com>
> To: <ccielab@groupstudy.com>
> Sent: Sunday, January 18, 2004 9:54 AM
> Subject: Cat3550's Security..
>
>
> > Hi..everyone
> > How can i config this Cat3550's Security ??
> >
> > Pleae Help me..
> >
> > ----------
> > Question
> > ----------
> > -A Laptop is connected to the fastethernet 0/5 of cat 3550.
> > -Only When you access to the 150.150.150.1/24 from your laptop
> > (Mac-address 0001.0001.2345), you can permit to "Drop".
> > -When you access to the other address except 150.150.150.1/24,
> > You cannot "Drop"
> > -You cannot use L2 & L3-ACL..
> >
> > _______________________________________________________________________
> > Please help support GroupStudy by purchasing your study materials from:
> > http://shop.groupstudy.com
> >
> > Subscription information may be found at:
> > http://www.groupstudy.com/list/CCIELab.html
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Mark Rushby: "route-map tags"
• Previous message: Jim Feldman: "RE: RSVP-Question for RTP-Packet..."
• Maybe in reply to: wwwjjang@chol.com: "Cat3550's Security.."
• Next in thread: Scott Morris: "RE: Cat3550's Security.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:47 GMT-3