From: Joseph Brunner (joe@affirmedsystems.com)
Date: Sun Nov 04 2007 - 22:53:13 ART
The mac address list does not filter ip traffic; its used often with VACL's
to drop traffic at layer two.
The features do not overlap. Port security is concerned with what mac is
allowed on a port.
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
WorkerBee
Sent: Sunday, November 04, 2007 6:52 PM
To: CCIE20
Cc: Cisco certification
Subject: Re: MAC access list Vs. port security
For MAC access-list, you need to know the range of permitted or denied
addresses beforehand.
For Port-Security, you can 'dynamic' learned or explicitly permit the
MAC addresses to stick to that port only.
If there is additional requirement to log or shut down the port during
a violation, then this is clearly 'port-security' direction.
HTH
On 11/5/07, CCIE20 <sameh@bayanat.com.sa> wrote:
> Hi,
>
>
>
> I want to know when to use MAC access list and when to use port-security
> feature in the 3560 switch.
>
> My task is to filter MAC addresses coming from one port on that switch
> connected to an access point . Only few MAC address should be allowed to
> access.
>
> The question here is:
>
> 1. can I use MAC access list to do this task
> 2. I assume that I should see only one MAC address arriving at that
> port which is the access point MAC address only. Is my assumption correct?
>
>
>
> Thanks
>
>
>
>
>
> MA
>
> _______________________________________________________________________
> Subscription information may be found at:
> http://www.groupstudy.com/list/CCIELab.html
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART