IP access restriction in 3560

Answered Question
Jun 2nd, 2009

Hi everybody,

I am configuring 3560 switch. I have the basic requirement. I want to configure a swithc port fa 0/0 to allow only the IP address for example and deny any other PCs with IP address other than this.

I want to retain the port fa 0/0 as switch port only. I know to donot want to configure mac ACL. Can you guide me how to achieve this.


I have this problem too.
0 votes
Correct Answer by glen.grant about 7 years 4 months ago
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 5 (1 ratings)
mahmoodmkl Tue, 06/02/2009 - 02:39


If u r sure that the switchport will not change for this PC u can use port security to achieve this.

switchport port security

switchport port security mac-address sticky




hclisschennai Tue, 06/02/2009 - 06:24

Hi Mahmood,

Thanks for reply.

But I suppose that switchport port security mac-address sticky is for MAC address and not for IP address attached to the port.

Can you pl. explain how this command help in my scenario


hclisschennai Tue, 06/02/2009 - 09:24


Your idea is good, but "mac-address sticky" will check the MAC address associated with the ports & donot care about the IP address of the server connected.

I can very well use either port ACL. But want to know any other alternative solution similar to port security "mac-address sticky "


This Discussion