From: Tom Rogers (cccie71@yahoo.com)
Date: Thu Jun 17 2004 - 15:28:30 GMT-3
Sam,
According to your config "switchport port-security mac-address 0030.1369.87a0
" if that is the router mac, traffic will be allowed into the switch from that mac. If You have several PC's behind this router, all will get access.
To answer your question ,If the switch sees the mac address of the router IT WILL NOT BLOCK IT which in turn will allow PC traffic to through also.
Tom
samccie2004@yahoo.co.uk wrote:
Hi Tom
Thanks for the reply, but this is where I am getting confused. If the switch
sees the mac address of the router and blocks it then no traffic from
router and therefore from PC will be forwarded. Am I missing something
really simple here and obvious ?
Cheers
Sam
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Tom Rogers
Sent: 17 June 2004 09:02
To: samccie2004@yahoo.co.uk; studygroup
Subject: Re: IE lab12 task 1.14
Sam,
I dont think so.....
This port will allow traffic from that mac. And I beleive that is your
router's mac, right ?
If yes.... guess what.... the switch does not see PC's (PCs connected to
router) mac's
And you know why. So all the traffic that the switch is going to see is from
the same mac for all the PC's.
So tell me where re you restricting the PCs?
Tom
samccie2004@yahoo.co.uk wrote:
Hi all
Would this be a valid solution. I understand the proposed solution and how
IP traffic can slip thru the net.
The below solution would simply block the port ?
Switch#sh run int fa0/7
Building configuration...
Current configuration : 181 bytes
!
interface FastEthernet0/7
switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0030.1369.87a0
end
TIA
Sam
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:43 GMT-3