Re: Port-security

From: mani poopal (mani_ccie@yahoo.com)
Date: Sun Apr 17 2005 - 09:14:38 GMT-3


So guys,

If the question asks to allow only IP 200.100.100.13 with a MAC address 0001.1313.1313, what is the right solution?

1. port security + static arp in the switch or

2. port security + access-list/access-group on port fa 0/13 of switch

PS: Can we apply an access-group (IP based) for an access port of a switch?

thanks

MANI

Mihai Petcu <mpetcu2004@yahoo.com> wrote:

Lanny,

Try using these commands in order to block other IP addresses on port fa0/13:

interface fa0/13
ip access-group BLOCK in

ip access-list extended BLOCK
permit ip host 200.100.100.13 any

Don't forget about the implicit "deny any any" at the end of access-list BLOCK.

HTH,

Mihai

Lanny Ballard wrote:
Hey guys,
I'm doing Lab 20 in the ccbootcamp lab workbook, and I have a question.
I have the statement "Configure Port Security on Cat1 so that R13 using the
IP address of 200.100.100.13 and the Mac Address of 0001.1313.1313 is the
only device allowed on the switchport"

so I have on the catalyst:

int fa0/13
switchport mode access
switchport access vlan 100
switchport port-security
switchport port-security mac-address 0001.1313.1313
!
arp 200.100.100.13 0001.1313.1313 fa0/13

and on R13

int fa0/0
ip add 200.100.100.13
mac-address 0001.1313.1313

Ok, so here's the deal. When I change the mac-address, the port shuts down
like it should; however, when I change the ip address on the router, the
port does not shut down. Can someone tell me what I'm missing here?

The sad part is I even checked the answers, and it looks like I have it
right, but I can't figure out what's missing.

TIA
Lanny
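
Added example (not part of the original thread, and not Cisco code): a simplified Python model of the checks discussed above, showing why port security plus a static ARP entry reacts to a changed MAC but not to a changed IP, and what the inbound ACL adds. The class and function names and the second MAC/IP are constructed for illustration; the model assumes the default shutdown violation mode and ignores VLANs and aging.

```python
from dataclasses import dataclass
from typing import Optional

MAC, IP = "0001.1313.1313", "200.100.100.13"              # values from the thread
OTHER_MAC, OTHER_IP = "0001.1313.9999", "200.100.100.99"  # constructed samples

@dataclass
class Frame:
    src_mac: str
    src_ip: str

@dataclass
class AccessPort:
    """Hypothetical, simplified model of one access port (illustration only)."""
    secure_mac: str                      # switchport port-security mac-address ...
    static_arp: dict                     # global static "arp" entries, IP -> MAC
    permit_src_ip: Optional[str] = None  # inbound ACL "permit ip host X any"
    err_disabled: bool = False

    def receive(self, f: Frame) -> str:
        if self.err_disabled:
            return "port-down"
        # Port security looks only at the source MAC of the incoming frame.
        if f.src_mac != self.secure_mac:
            self.err_disabled = True     # default violation mode is shutdown
            return "violation-shutdown"
        # self.static_arp is deliberately not consulted: a static ARP entry is
        # used when the switch itself resolves an IP to a MAC, not to police
        # the source addresses of traffic arriving on the port.
        # The inbound ACL matches on source IP; anything else hits the implicit
        # deny and is dropped, but the port stays up.
        if self.permit_src_ip is not None and f.src_ip != self.permit_src_ip:
            return "acl-drop"
        return "forwarded"

def scenario(with_acl: bool, frames: list) -> list:
    """Feed frames to a fresh port; return the outcome for each frame."""
    port = AccessPort(MAC, {IP: MAC}, IP if with_acl else None)
    return [port.receive(f) for f in frames]

IP_CHANGED = [Frame(MAC, IP), Frame(MAC, OTHER_IP)]
MAC_CHANGED = [Frame(MAC, IP), Frame(OTHER_MAC, IP), Frame(MAC, IP)]

if __name__ == "__main__":
    print("port-security + static arp, IP changed:", scenario(False, IP_CHANGED))
    print("port-security + ACL, IP changed:       ", scenario(True, IP_CHANGED))
    print("port-security + ACL, MAC changed:      ", scenario(True, MAC_CHANGED))
```

In this model the ACL case drops the packet with the changed source IP but leaves the port up; only a MAC mismatch takes the port down.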



This archive was generated by hypermail 2.1.4 : Tue May 03 2005 - 07:54:59 GMT-3