RE: Cat3550's Security..

From: Scott Morris (swm@emanon.com)
Date: Sun Jan 18 2004 - 17:55:48 GMT-3

• Next message: alsontra@hotmail.com: "Tips and Trick URL"
• Previous message: PB W-wa: "Re: route-map tags"
• Maybe in reply to: wwwjjang@chol.com: "Cat3550's Security.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

It sounds like a poorly worded scenario, or poorly interpreted one. Since
the word "drop" is in there, chances are VLAN maps are the solution being
looked for. But I would suggest a little research on the topics rather than
simply posting snippets of lab scenarios!

You'll find that many different options come to mind, and most will be based
or influenced on other parts of the scenario and topology in question...

Just a thought!

 
Scott Morris, CCIE4 (R&S/ISP-Dial/Security/Service Provider) #4713, CISSP,
JNCIS, et al.
IPExpert CCIE Program Manager
IPExpert Sr. Technical Instructor
swm@emanon.com/smorris@ipexpert.net
http://www.ipexpert.net
 

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of Bob
Sinclair
Sent: Sunday, January 18, 2004 12:52 PM
To: wwwjjang@chol.com; ccielab@groupstudy.com
Subject: Re: Cat3550's Security..

Virtually all of the 3550 security options that come to mind require an
access list to identify filtered traffic. If all uses of access lists are
definitely rule out, then perhaps your options are narrowed to just port
security or protected port. The former relies on source mac addresses only,
so I am not sure how this will solve your problem. If the port associated
with the destination ip address is on the same switch and in the same vlan
as your source, then perhaps the protected port feature would work. Can you
post the entire scenario? Is it possible that the access-list restriction
is worded in a way that would permit a vlan map?

HTH,

Bob Sinclair
CCIE #10427, CISSP, MCSE
www.netmasterclass.net

----- Original Message -----
From: <wwwjjang@chol.com>
To: <ccielab@groupstudy.com>
Sent: Sunday, January 18, 2004 9:54 AM
Subject: Cat3550's Security..

> Hi..everyone
> How can i config this Cat3550's Security ??
>
> Pleae Help me..
>
> ----------
> Question
> ----------
> -A Laptop is connected to the fastethernet 0/5 of cat 3550.
> -Only When you access to the 150.150.150.1/24 from your laptop
> (Mac-address 0001.0001.2345), you can permit to "Drop".
> -When you access to the other address except 150.150.150.1/24,
> You cannot "Drop"
> -You cannot use L2 & L3-ACL..
>
> _______________________________________________________________________
> Please help support GroupStudy by purchasing your study materials from:
> http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: alsontra@hotmail.com: "Tips and Trick URL"
• Previous message: PB W-wa: "Re: route-map tags"
• Maybe in reply to: wwwjjang@chol.com: "Cat3550's Security.."
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Mon Feb 02 2004 - 09:07:47 GMT-3