Solved: IP access restriction in 3560

hclisschennai · ‎06-02-2009

Hi everybody,

I am configuring 3560 switch. I have the basic requirement. I want to configure a swithc port fa 0/0 to allow only the IP address 192.168.1.1 for example and deny any other PCs with IP address other than this.

I want to retain the port fa 0/0 as switch port only. I know to donot want to configure mac ACL. Can you guide me how to achieve this.

RK

glen.grant · ‎06-02-2009

Put an ip acl on the user port. You can put it inbound on the user port .

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swacl.html#wp1285529

View solution in original post

mahmoodmkl · ‎06-02-2009

Hi

If u r sure that the switchport will not change for this PC u can use port security to achieve this.

switchport port security

switchport port security mac-address sticky

etc.

Thanks

Mahmood

hclisschennai · ‎06-02-2009

Hi Mahmood,

Thanks for reply.

But I suppose that switchport port security mac-address sticky is for MAC address and not for IP address attached to the port.

Can you pl. explain how this command help in my scenario

RK

tnetusa123 · ‎06-02-2009

you can set static ip on your pc and use Mahmood's scenario

hclisschennai · ‎06-02-2009

Hi,

Your idea is good, but "mac-address sticky" will check the MAC address associated with the ports & donot care about the IP address of the server connected.

I can very well use either port ACL. But want to know any other alternative solution similar to port security "mac-address sticky "

glen.grant · ‎06-02-2009

Put an ip acl on the user port. You can put it inbound on the user port .

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swacl.html#wp1285529