RE: Repost: cat 3550 L3 Port security

From: Mike Williams (ccie2be@swbell.net)
Date: Sat Feb 14 2004 - 12:59:10 GMT-3

• Next message: Michael Snyder: "RE: Repost: cat 3550 L3 Port security"
• Previous message: Peter van Oene: "Re: A very good use for the bgp distance command."
• Maybe in reply to: Marko Berend: "Repost: cat 3550 L3 Port security"
• Next in thread: Michael Snyder: "RE: Repost: cat 3550 L3 Port security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Check the archives for this list............. The last time this was
brought up, it caused a very lengthy and in-depth discussion with many
different ideas.

Mike W.

-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Marko Berend
Sent: Friday, February 13, 2004 3:18 AM
To: john addison
Cc: ccielab@groupstudy.com
Subject: RE: Repost: cat 3550 L3 Port security

Thanks John,

But what makes this complicated is that a specified ip address
(10.1.2.4) and mac (aaaa.bbbb.cccc) has to be permitted only.

-----Original Message-----
From: john addison [mailto:john_r_addison@hotmail.com]
Sent: 13. veljaha 2004 10:11
To: Marko Berend
Subject: Re: Repost: cat 3550 L3 Port security

Use port security as follows...

int f0/x
switchport port-security mac-address <mac-address>
switchport port-security maximum 1

----- Original Message -----
From: "Marko Berend" <marko.berend@storm.hr>
To: <ccielab@groupstudy.com>
Sent: Friday, February 13, 2004 7:11 AM
Subject: Repost: cat 3550 L3 Port security

> Help please,
>
> Am I missing something so simple? Come on people, cat 3550, one Mac
> and
one IP switchport restriction without using any ACLs (!?)
> I'm guessing this rules out vlan access-maps for L3 also...
>
> It's driving me mad :)
>
> Thanks
>
> -----Original Message-----
> From: Marko Berend
> Sent: 6. veljaha 2004 11:47
> To: ccielab@groupstudy.com
> Subject: cat 3550 L3 Port security
>
>
> Hi group,
>
> The task is to restrict access on a port to a single specified mac
> address
and a single spec IP address without using L2/L3 acls. I understand the
L2 part with port security, but is it possible for L3?
>
> I tried specifying a static arp mapping on the cat3550 but this
> doesn't
prevent this port talking to others in the L2 domain. Only when talking
directly with the cat, this comes into play because the arp entry is
static (when IP is different than in arp cache).
>
> Any ideas?
>
> Thanks,
> Marko
>
> ______________________________________________________________________
> _
> Please help support GroupStudy by purchasing your study materials
> from:
http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
> ______________________________________________________________________
> _
> Please help support GroupStudy by purchasing your study materials
> from: http://shop.groupstudy.com
>
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

• Next message: Michael Snyder: "RE: Repost: cat 3550 L3 Port security"
• Previous message: Peter van Oene: "Re: A very good use for the bgp distance command."
• Maybe in reply to: Marko Berend: "Repost: cat 3550 L3 Port security"
• Next in thread: Michael Snyder: "RE: Repost: cat 3550 L3 Port security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:49 GMT-3