Re: Port-security

From: Ivan (ivan@iip.net)
Date: Tue Mar 13 2007 - 07:46:12 ART

• Next message: Darby Weaver: "Re: Lab Approach - Getting Ready for the 3rd Shot At The Title"
• Previous message: Salau,Olayemi: "Re: 13 Days to My First Attempt/Multicast Question"
• Maybe in reply to: achievewoo@gmail.com: "Port-security"
• Next in thread: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

I don't see any reason to this feature don't work in tandem. I have no
equipment to test it now. ASAP i try to do this.
First port-security check possible accept frame from port, then sourse binding
check accordance IP [, mac address].

Concern port-security keyword in ip verify source. This keyword force check
correspondance IP and mac. Without this check only IP.

Some hypotetically situation.
ip sour bind 1.1.1 vlan 1 1.1.1.1
ip sour bind 2.2.2 vlan 1 2.2.2.2
int f0/0
sw port-security
sw port-security max 2
sw port-security addr 1.1.1
sw port-security addr 2.2.2
ip ver source <---- without portsec

In this situation host 1.1.1.1 can access to LAN with mac 2.2.2

But if you add port-security keyword previous is impossible.

On Tuesday 13 March 2007 03:09, ian wrote:
> Ivan,How are you#!
>
> Can someone explain a little bit more detailed about this command,
> espeically when "ip binding source" is used with port-security?
>
> ======= 2007-03-12 20:00:22 What you've mentioned in your letter#:=======
>
> >http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12235se/cr/cli
> >1.htm#wp9079071
> >
> >On Monday 12 March 2007 11:51, achievewoo@gmail.com wrote:
> >> Hi, GS
> >> To achieve switch security, We usually use "switchport port-security"
> >> command to bind layer 2 address and against untursted devices connecting
> >> switch. My question is: Is it possible to let switchport bind an stable
> >> layer 3 at the same time?
> >>
> >> Thanks!
> >>
> >> _______________________________________________________________________
> >> Subscription information may be found at:
> >> http://www.groupstudy.com/list/CCIELab.html
> >
> >--
> >Ivan
> >
> >_______________________________________________________________________
> >Subscription information may be found at:
> >http://www.groupstudy.com/list/CCIELab.html
>
> = = = = = = = = = = = = = = = = = = = =
>
>
> !!!!!!!!!!!!!!!!Have a nice day.
>
>
> !!!!!!!!!!!!!!!!ian
> !!!!!!!!!!!!!!!!iyux2000@gmail.com
> !!!!!!!!!!!!!!!!!!!!2007-03-13
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html

-- 
Ivan

• Next message: Darby Weaver: "Re: Lab Approach - Getting Ready for the 3rd Shot At The Title"
• Previous message: Salau,Olayemi: "Re: 13 Days to My First Attempt/Multicast Question"
• Maybe in reply to: achievewoo@gmail.com: "Port-security"
• Next in thread: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Maybe reply: ian: "Re: Re: Port-security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:51 ART