Re: Port security

From: Adel Abushaev (adel@netmasterclass.net)
Date: Sat Feb 14 2004 - 16:27:54 GMT-3


I would assign 10.1.1.2/30 to the vlan interface and limit that vlan only to
a particular port. It will not route anything other than 10.1.1.1 from the
other side in case this needs to be routed out later on. This is in addition
to port-security.

Adel Abouchaev
CCIE# 12037, MCSE
http://www.netmasterclass.net

----- Original Message -----
From: <Danny.Andaluz@triaton-na.com>
To: <cciestudy@sympatico.ca>; <danielcgs@imc.net.au>; <bobby1@ctimail3.com>;
<ccielab@groupstudy.com>
Cc: <huntl@webcentral.com.au>
Sent: Saturday, February 14, 2004 2:13 PM
Subject: RE: Port security

> Sorry to bring back such an old post, but I was looking through the
> archives and noticed this thread and it got me thinking a little.
>
> The vlan access-map would include the use of a layer 3 or layer 2 ACL,
> making this solution invalid. Any thoughts?
>
> Thanks,
> Danny
>
> -----Original Message-----
> From: CCIEStudy [mailto:cciestudy@sympatico.ca]
> Sent: Friday, May 09, 2003 8:27 PM
> To: Daniel Cisco Group Study; bobby; ccielab@groupstudy.com
> Cc: huntl@webcentral.com.au
> Subject: Re: Port security
>
>
> I think you have to create a vlan for this port and assign the vlan map to
> that vlan.
>
> Des
> ----- Original Message -----
> From: "Daniel Cisco Group Study" <danielcgs@imc.net.au>
> To: "bobby" <bobby1@ctimail3.com>; <ccielab@groupstudy.com>
> Cc: <huntl@webcentral.com.au>
> Sent: Friday, May 09, 2003 6:55 PM
> Subject: RE: Port security
>
>
> > I don't think that VLAN Maps will help here. I know that people have
> > suggested it in the past, but I have never seen a config to do this, nor
> > can I think of one....
> >
> > Anyone?
> >
> > Daniel
> >
> >
> > -----Original Message-----
> > From: bobby [mailto:bobby1@ctimail3.com]
> > Sent: Tuesday, 22 April 2003 20:34
> > To: ccielab@groupstudy.com
> > Subject: Reg: Port security
> >
> >
> > Hi,
> >
> > I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> > 10.1.1.1 on port fast-ethernet 0/10 on my 3550. The requirement is to
> > not use layer 3 or layer 2 access-lists. I have used port security and
> > here are my configs:
> >
> > interface FastEthernet 0/10
> > switchport port-security
> > switchport port-security maximum 1
> > switchport port-security mac-address 8000.E4D3.A2D1
> >
> > Now the above will take care of the mac address part. Now for the ip
> > part, I have seen some postings mentioning to use a static arp entry
> > also:
> >
> > arp 10.1.1.1 8000.E4D3.A2D1
> >
> > Even the above is not working. Now the only solution left is to use
> > vlan maps. But that will block the traffic in the whole vlan for the
> > particular ip address.
> >
> > Any advice / comments?
> >
> > Tks
> >
> >
>



This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:49 GMT-3
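
The configuration suggested in the top reply (a dedicated VLAN with a /30 SVI, in addition to port security), written out as an added example that is not part of the original thread. VLAN ID 110, the VLAN name and the trunk interface GigabitEthernet0/1 are assumptions; the MAC address is the one from the stated requirement (0800.E4D3.A2D1), while the configuration lines quoted in the thread show 8000.E4D3.A2D1, so use whichever matches the real host.

```cisco
! Added example, not from the thread. VLAN 110 is a hypothetical choice.
! Routing between this VLAN and others assumes "ip routing" is enabled.
vlan 110
 name SINGLE-HOST
!
! A /30 leaves exactly two usable addresses: .1 for the host, .2 for the SVI.
interface Vlan110
 description Gateway for the single host 10.1.1.1
 ip address 10.1.1.2 255.255.255.252
 no shutdown
!
! The only access port in VLAN 110, locked to one static secure MAC.
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 110
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0800.e4d3.a2d1
 switchport port-security violation shutdown
!
! Keep VLAN 110 off every trunk so Fa0/10 stays its only member.
! GigabitEthernet0/1 stands in for any trunk on the switch (hypothetical).
interface GigabitEthernet0/1
 switchport trunk allowed vlan remove 110
```

`show port-security interface FastEthernet0/10` and `show vlan id 110` confirm the secure MAC and that Fa0/10 is the VLAN's only member port.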