Re: Re: Port-security

From: ian (iyux2000@gmail.com)
Date: Tue Mar 13 2007 - 21:57:43 ART

• Next message: Abderrahim sadki: "Re: FR IN-ARP"
• Previous message: Mohamed T. Kondela: "RE: Port Channel Bandwidth"
• Maybe in reply to: Ivan: "Re: Port-security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Ivan,How are you#!

        Thank you Ivan. I'am also very interest in this topic.
Ivan, do you mean we must include port-security keyword to make it work. (check against ip add and mac simutaneously)

======= 2007-03-13 20:46:18 What you've mentioned in your letter#:=======

>I don't see any reason to this feature don't work in tandem. I have no
>equipment to test it now. ASAP i try to do this.
>First port-security check possible accept frame from port, then sourse binding
>check accordance IP [, mac address].
>
>Concern port-security keyword in ip verify source. This keyword force check
>correspondance IP and mac. Without this check only IP.
>
>Some hypotetically situation.
>ip sour bind 1.1.1 vlan 1 1.1.1.1
>ip sour bind 2.2.2 vlan 1 2.2.2.2
>int f0/0
>sw port-security
>sw port-security max 2
>sw port-security addr 1.1.1
>sw port-security addr 2.2.2
>ip ver source <---- without portsec
>
>In this situation host 1.1.1.1 can access to LAN with mac 2.2.2
>
>But if you add port-security keyword previous is impossible.
>
>
>
>
>
>On Tuesday 13 March 2007 03:09, ian wrote:
>> Ivan,How are you#!
>>
>> Can someone explain a little bit more detailed about this command,
>> espeically when "ip binding source" is used with port-security?
>>
>> ======= 2007-03-12 20:00:22 What you've mentioned in your letter#:=======
>>
>> >http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12235se/cr/cli
>> >1.htm#wp9079071
>> >
>> >On Monday 12 March 2007 11:51, achievewoo@gmail.com wrote:
>> >> Hi, GS
>> >> To achieve switch security, We usually use "switchport port-security"
>> >> command to bind layer 2 address and against untursted devices connecting
>> >> switch. My question is: Is it possible to let switchport bind an stable
>> >> layer 3 at the same time?
>> >>
>> >> Thanks!
>> >>
>> >> _______________________________________________________________________
>> >> Subscription information may be found at:
>> >> http://www.groupstudy.com/list/CCIELab.html
>> >
>> >--
>> >Ivan
>> >
>> >_______________________________________________________________________
>> >Subscription information may be found at:
>> >http://www.groupstudy.com/list/CCIELab.html
>>
>> = = = = = = = = = = = = = = = = = = = =
>>
>>
>> !!!!!!!!!!!!!!!!Have a nice day.
>>
>>
>> !!!!!!!!!!!!!!!!ian
>> !!!!!!!!!!!!!!!!iyux2000@gmail.com
>> !!!!!!!!!!!!!!!!!!!!2007-03-13
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html
>
>--
>Ivan

= = = = = = = = = = = = = = = = = = = =
                        

!!!!!!!!!!!!!!!!Have a nice day.
 
                                 
!!!!!!!!!!!!!!!!ian
!!!!!!!!!!!!!!!!iyux2000@gmail.com
!!!!!!!!!!!!!!!!!!!!2007-03-14

• Next message: Abderrahim sadki: "Re: FR IN-ARP"
• Previous message: Mohamed T. Kondela: "RE: Port Channel Bandwidth"
• Maybe in reply to: Ivan: "Re: Port-security"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Apr 01 2007 - 06:35:51 ART