Re: Port security

From: christopher snow (cbsnow31@yahoo.com)
Date: Sun Feb 15 2004 - 07:19:59 GMT-3


Brilliant!!!!

Great analysis Adel...

Chris Snow

--- Adel Abushaev <adel@netmasterclass.net> wrote:
> I would assign 10.1.1.2/30 to the vlan interface and
> limit that vlan only to
> a particular port. It will not route anything other
> than 10.1.1.1 from the
> other side in case this needs to be routed out later
> on. This is in addition
> to port-security.
>
> Adel Abouchaev
> CCIE# 12037, MCSE
> http://www.netmasterclass.net
>
> ----- Original Message -----
> From: <Danny.Andaluz@triaton-na.com>
> To: <cciestudy@sympatico.ca>;
> <danielcgs@imc.net.au>; <bobby1@ctimail3.com>;
> <ccielab@groupstudy.com>
> Cc: <huntl@webcentral.com.au>
> Sent: Saturday, February 14, 2004 2:13 PM
> Subject: RE: Port security
>
>
> > Sorry to bring back such an old post, but I was looking through the
> > archives and noticed this thread and it got me thinking a little.
> >
> > The vlan access-map would include the use of a layer 3 or layer 2 ACL
> > making this solution invalid. Any thoughts?
> >
> > Thanks,
> > Danny
> >
> > -----Original Message-----
> > From: CCIEStudy [mailto:cciestudy@sympatico.ca]
> > Sent: Friday, May 09, 2003 8:27 PM
> > To: Daniel Cisco Group Study; bobby; ccielab@groupstudy.com
> > Cc: huntl@webcentral.com.au
> > Subject: Re: Port security
> >
> >
> > I think you have to create a vlan for this port and assign the vlan map
> > to that vlan.
> >
> > Des
> > ----- Original Message -----
> > From: "Daniel Cisco Group Study" <danielcgs@imc.net.au>
> > To: "bobby" <bobby1@ctimail3.com>; <ccielab@groupstudy.com>
> > Cc: <huntl@webcentral.com.au>
> > Sent: Friday, May 09, 2003 6:55 PM
> > Subject: RE: Port security
> >
> >
> > > I don't think that VLAN Maps will help here. I know that people have
> > > suggested it in the past, but I have never seen a config to do this,
> > > nor can I think of one....
> > >
> > > Anyone?
> > >
> > > Daniel
> > >
> > >
> > > -----Original Message-----
> > > From: bobby [mailto:bobby1@ctimail3.com]
> > > Sent: Tuesday, 22 April 2003 20:34
> > > To: ccielab@groupstudy.com
> > > Subject: Reg: Port security
> > >
> > >
> > > Hi,
> > >
> > > I want to only allow mac-address 0800.E4D3.A2D1 with ip address
> > > 10.1.1.1 on port fast-ethernet 0/10 on my 3550. The requirement is
> > > to not use layer 3 or layer 2 access-lists. I have used port security
> > > and here are my configs:
> > >
> > > interface FastEthernet 0/10
> > >  switchport port-security
> > >  switchport port-security maximum 1
> > >  switchport port-security mac-address 8000.E4D3.A2D1
> > >
> > > Now the above will take care of the mac address part. Now for the ip
> > > part I have seen some postings mentioning to use a static arp entry
> > > also:
> > >
> > > arp 10.1.1.1 8000.E4D3.A2D1
> > >
> > > Even the above is not working. Now the only solution left is to use
> > > vlan maps. But it will block the traffic in the whole vlan for the
> > > particular ip address.
> > >
> > > Any advice / comments?
> > >
> > >
> > > Tks
>
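
Adel's suggestion at the top of the thread, combined with the port-security configuration from the original question, written out as an added example (not configuration posted by anyone in the thread). VLAN 110 and the uplink GigabitEthernet0/1 are assumed names; the addresses, port and MAC come from the messages above.

```ios
! Assumptions (not from the thread): VLAN ID 110, uplink trunk Gi0/1.
! Addresses, port and MAC are the ones named in the original question.
!
! Only needed if the VLAN is to be routed out later on.
ip routing
!
vlan 110
 name SINGLE-HOST
!
! A /30 leaves exactly two host addresses:
! 10.1.1.1 (the host) and 10.1.1.2 (this SVI).
interface Vlan110
 ip address 10.1.1.2 255.255.255.252
 no shutdown
!
! The only access port in VLAN 110. Port security needs a static
! access (or trunk) port, so the mode is set explicitly.
! MAC is as written in the question's requirement text; the posted
! config shows 8000.E4D3.A2D1, so use whichever the host really has.
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 110
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0800.e4d3.a2d1
 switchport port-security violation shutdown
!
! Keep VLAN 110 off the trunk so it exists on Fa0/10 only.
interface GigabitEthernet0/1
 switchport trunk allowed vlan remove 110
!
! Verification (exec mode):
!  show port-security interface FastEthernet0/10
!  show port-security address
!  show vlan id 110
!  show ip route connected
```

Only 10.1.1.1 and 10.1.1.2 are usable in 10.1.1.0/30, so the SVI has a connected route to no other host address on that port.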



This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:50 GMT-3