From: Tony Schaffran (groupstudy@cconlinelabs.com)
Date: Thu Oct 21 2004 - 09:17:45 GMT-3
I would be careful how you respond to questions.
Some could consider this an NDA violation.
Tony Schaffran
Network Analyst
CCIE #11071
CCNP, CCNA, CCDA,
NNCDS, NNCSS, CNE, MCSE
www.cconlinelabs.com
Your #1 choice for online Cisco rack rentals.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Carlos G Mendioroz
Sent: Thursday, October 21, 2004 4:52 AM
To: my-ccie-test@libero.it
Cc: ccielab@groupstudy.com
Subject: Re: static arp
You have to enable port security, that costed me some points :-(
there's a show to see violations.
And yes, if you are required to pay attention to IP address, a static
ARP entry would help, the proctor may tell you if that's needed...
my-ccie-test@libero.it wrote:
> Hi guys,
> I have a question about static arp.
>
> is there any option in the command:
>
> arp 10.10.10.10 aaaa.aaaa.aaaa arpa fastethernet0/1
>
> that drop violating traffic?
>
> suppose I want filter traffic from a specific pair mac-address/ip address
not using access-list layer2/3.
>
> my configuration is:
>
> interface Fastethernet0/1
> switchport mode access
> switchport access vlan 100
> switchport port-security 1
> switchport port-security mac-address aaaa.aaaa.aaaa
>
>
> arp 10.10.10.10 aaaa.aaaa.aaaa arpa fastethernet0/1
>
>
> the traffic from other ip address or mac-address is dropped?
> how can I verify dropping packets?
>
> thanks
>
> max
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
>
-- Carlos G Mendioroz <tron@huapi.ba.ar> LW7 EQI Argentina
This archive was generated by hypermail 2.1.4 : Sat Nov 06 2004 - 17:11:52 GMT-3