RE: Repost: cat 3550 L3 Port security

From: Marko Berend (marko.berend@storm.hr)
Date: Mon Feb 16 2004 - 04:45:17 GMT-3


Thanks a lot guys,

I have to agree with Adel's solution, it came to my mind also and I tested it before.
But what bugs me: is this the only viable solution?
Because there is no mention of this particular VLAN in the scenario.

Any other ideas?

BTW secure ports and protected ports are mutually exclusive, right? Can't do L2 security then.

Marko

-----Original Message-----
From: Adel Abushaev [mailto:adel@netmasterclass.net]
Sent: 14 February 2004 20:28
To: Danny.Andaluz@triaton-na.com; ccielab@groupstudy.com
Subject: Re: Port security

I would assign 10.1.1.2/30 to the vlan interface and limit that vlan only to a particular port. It will not route anything other than 10.1.1.1 from the other side in case this needs to be routed out later on. This is in addition to port-security.

Adel Abouchaev
CCIE# 12037, MCSE
http://www.netmasterclass.net
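
The suggestion in the reply above, written out as a switch configuration. This is an added example, not a config posted by anyone in the thread: VLAN 110 and the trunk port GigabitEthernet0/1 are assumed values, and the MAC is the one given in the text of the original question (its config lines show 8000.E4D3.A2D1 instead, so use whichever matches the real host).

```cisco
! Added example. VLAN 110 and GigabitEthernet0/1 are assumptions, not from the thread.
!
! Dedicated VLAN used by this one port only
vlan 110
 name SECURE-HOST
!
! MAC part: port security pins the single permitted source MAC
interface FastEthernet0/10
 switchport mode access
 switchport access vlan 110
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0800.e4d3.a2d1
 switchport port-security violation shutdown
!
! IP part: a /30 on the SVI leaves exactly two host addresses,
! 10.1.1.1 (the attached host) and 10.1.1.2 (the switch), so no other
! source address on this port is on the connected subnet. No ACL is used.
interface Vlan110
 ip address 10.1.1.2 255.255.255.252
 no shutdown
!
! Keep the VLAN limited to Fa0/10: prune it from any trunk
interface GigabitEthernet0/1
 switchport trunk allowed vlan remove 110
!
! Checks after applying:
!   show port-security interface FastEthernet0/10
!   show vlan id 110
```

With `violation shutdown` a frame from any other MAC err-disables the port, so the checks above should show one secure address and Fa0/10 as the only access port in the VLAN.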

----- Original Message -----
From: <Danny.Andaluz@triaton-na.com>
To: <cciestudy@sympatico.ca>; <danielcgs@imc.net.au>; <bobby1@ctimail3.com>; <ccielab@groupstudy.com>
Cc: <huntl@webcentral.com.au>
Sent: Saturday, February 14, 2004 2:13 PM
Subject: RE: Port security

> Sorry to bring back such an old post, but I was looking through the
> archives and noticed this thread and it got me thinking a little.
>
> The vlan access-map would include the use of a layer 3 or layer 2 ACL
> making this solution invalid. Any thoughts?
>
> Thanks,
> Danny
>
> -----Original Message-----
> From: CCIEStudy [mailto:cciestudy@sympatico.ca]
> Sent: Friday, May 09, 2003 8:27 PM
> To: Daniel Cisco Group Study; bobby; ccielab@groupstudy.com
> Cc: huntl@webcentral.com.au
> Subject: Re: Port security
>
>
> I think you have to create a vlan for this port and assign the vlan
> map to that vlan.
>
> Des
> ----- Original Message -----
> From: "Daniel Cisco Group Study" <danielcgs@imc.net.au>
> To: "bobby" <bobby1@ctimail3.com>; <ccielab@groupstudy.com>
> Cc: <huntl@webcentral.com.au>
> Sent: Friday, May 09, 2003 6:55 PM
> Subject: RE: Port security
>
>
> > I don't think that VLAN Maps will help here. I know that people have
> > suggested it in the past, but I have never seen a config to do this,
> > nor can I think of one....
> >
> > Anyone?
> >
> > Daniel
> >
> >
> > -----Original Message-----
> > From: bobby [mailto:bobby1@ctimail3.com]
> > Sent: Tuesday, 22 April 2003 20:34
> > To: ccielab@groupstudy.com
> > Subject: Reg: Port security
> >
> >
> > Hi,
> >
> > I want to only allow mac-address 0800.E4D3.A2D1 with ip address 10.1.1.1
> > on port fast-ethernet 0/10 on my 3550. The requirement is to not use
> > layer 3 or layer 2 access-lists. I have used port security and here are
> > my configs :
> >
> > interface FastEthernet 0/10
> > switchport port-security
> > switchport port-security maximum 1
> > switchport port-security mac-address 8000.E4D3.A2D1
> >
> > Now the above will take care of the mac address part. Now for the ip
> > part I have seen some posting mentioning to use static arp entry also :
> >
> > arp 10.1.1.1 8000.E4D3.A2D1
> >
> > Even the above is not working. Now the only solution left is to use
> > vlan maps. But it will block the traffic in the whole vlan for the
> > particular ip address
> >
> > Any advice / comments ?
> >
> > Tks
> >



This archive was generated by hypermail 2.1.4 : Fri Mar 05 2004 - 07:13:50 GMT-3