From: Carlos G Mendioroz (tron@huapi.ba.ar)
Date: Thu Oct 21 2004 - 08:51:38 GMT-3
You have to enable port security, that costed me some points :-(
there's a show to see violations.
And yes, if you are required to pay attention to IP address, a static
ARP entry would help, the proctor may tell you if that's needed...
my-ccie-test@libero.it wrote:
> Hi guys,
> I have a question about static arp.
>
> is there any option in the command:
>
> arp 10.10.10.10 aaaa.aaaa.aaaa arpa fastethernet0/1
>
> that drop violating traffic?
>
> suppose I want filter traffic from a specific pair mac-address/ip address not using access-list layer2/3.
>
> my configuration is:
>
> interface Fastethernet0/1
> switchport mode access
> switchport access vlan 100
> switchport port-security 1
> switchport port-security mac-address aaaa.aaaa.aaaa
>
>
> arp 10.10.10.10 aaaa.aaaa.aaaa arpa fastethernet0/1
>
>
> the traffic from other ip address or mac-address is dropped?
> how can I verify dropping packets?
>
> thanks
>
> max
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:50 GMT-3