From: Chan Hong (chan_hong33@yahoo.com)
Date: Mon Nov 05 2007 - 09:17:00 ART
If the task is asking you to drop the mac address in a vlan. You can use "mac
address-table static drop"
http://www.cisco.com/univercd/cc/td/doc/product/lan/cat3560/12240se/cr/cli1.h
tm#wp3003251
----- 6l%s-l%s ----
1H%s$H!R Joseph Brunner
<joe@affirmedsystems.com>
&,%s$H WorkerBee <ciscobee@gmail.com>; CCIE20
<sameh@bayanat.com.sa>
0F%;(CC) Cisco certification <ccielab@groupstudy.com>
6G0e$i4A!R 2007 &~ 11$k 5 $i ,P4A$@ $W$H 9:53:13
%DCD!G RE: MAC access list
Vs. port security
The mac address list does not filter ip traffic; its used
often with VACL's
to drop traffic at layer two.
The features do not overlap.
Port security is concerned with what mac is
allowed on a port.
-----Original
Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On
Behalf Of
WorkerBee
Sent: Sunday, November 04, 2007 6:52 PM
To: CCIE20
Cc:
Cisco certification
Subject: Re: MAC access list Vs. port security
For MAC
access-list, you need to know the range of permitted or denied
addresses
beforehand.
For Port-Security, you can 'dynamic' learned or explicitly permit
the
MAC addresses to stick to that port only.
If there is additional
requirement to log or shut down the port during
a violation, then this is
clearly 'port-security' direction.
HTH
On 11/5/07, CCIE20
<sameh@bayanat.com.sa> wrote:
> Hi,
>
>
>
> I want to know when to use MAC
access list and when to use port-security
> feature in the 3560 switch.
>
> My
task is to filter MAC addresses coming from one port on that switch
>
connected to an access point . Only few MAC address should be allowed to
>
access.
>
> The question here is:
>
> 1. can I use MAC access list to do
this task
> 2. I assume that I should see only one MAC address arriving
at that
> port which is the access point MAC address only. Is my assumption
correct?
>
>
>
> Thanks
>
>
>
>
>
> MA
>
>
This archive was generated by hypermail 2.1.4 : Sat Dec 01 2007 - 06:37:28 ART