mac access-list

From: Mark Stephanus Chandra (mark.chandra@gmail.com)
Date: Wed Jan 21 2009 - 07:08:58 ARST

• Next message: Marcin Polański: "Re: Cisc DOC CD"
• Previous message: Alexei Monastyrnyi: "Re: Regarding Management vlan in switching"
• Next in thread: NET HE: "RE: mac access-list"
• Maybe reply: NET HE: "RE: mac access-list"
• Maybe reply: mark.chandra@gmail.com: "Re: mac access-list"
• Maybe reply: mark.chandra@gmail.com: "Re: mac access-list"
• Maybe reply: paul cosgrove: "Re: mac access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Guys,

Continuing discuss about port-security the other day,

I choose to use Pavel Bykov recommendation to use mac access-list, but what
a surprise, After I implement this configuration, it's not really works.

Why I said that "NOT REALLY WORKS". I am using

Extended MAC access list mark

    deny any any

and configure it on a port fast 0/35

mac access-group executive in

Why I use deny any, this is to make sure I get my packet block.

First I plug it, it block my packet but when I release my address and renew
and obtain an ip address from DHCP. It doesn't block my packet.

After a while, idle on my laptop, it blocks my packet again.

Is this a normal behavior of a cisco switch ?

Regards

Mark Stephanus Chandra

Blogs and organic groups at http://www.ccie.net

• Next message: Marcin Polański: "Re: Cisc DOC CD"
• Previous message: Alexei Monastyrnyi: "Re: Regarding Management vlan in switching"
• Next in thread: NET HE: "RE: mac access-list"
• Maybe reply: NET HE: "RE: mac access-list"
• Maybe reply: mark.chandra@gmail.com: "Re: mac access-list"
• Maybe reply: mark.chandra@gmail.com: "Re: mac access-list"
• Maybe reply: paul cosgrove: "Re: mac access-list"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.4 : Sun Mar 01 2009 - 09:43:39 ARST