Can it is possible when ip address directely assigned at customers pc only. not in cisco 3550 on interface and also vlan interface ??
I need deny ip per interface through access-list.
can it is possible deny ip when ip address asigned at customers pc only not assigned on interace and also on vlan interface
in cisco 3550 ??
pl see bellow my network diagram
we are using cisco 3550 switch to authenticat our users to our both the server which is connectd interface port 1 and 2
Interface port 1 connectd with billing Authenticaion Server 1 ( ip 172.16.0.1 directly assing on server not in inteface)
Inerface port 2 conneted with Billing Authentication server 2 ( 172.16.0.2 directly assinged on server not in intefface)
Interface port 3 to 48 connetd each port with single 48 port DSLAM to connetd customers ADSL modem and then PC.
All the interface from port 1 to 48 access on same VLAn (vlan 2)
All the customers need to authentic to both the servers only.
Interface port 3 customers ip range 172.16.48.1 to 254 and 172.16.49.1 to 254 needs to access ip 172.16.0.1 & 2 and other are deny)
interface port 4 customer ip range 172.16.52.1 to 254 and 172.16.50.1 to 254 needs to access ip 172.16.0.1 & 2 and other are deny.
pl suggest me my bellow config templates it's right or needs to any change.
access-list extended abc
permit ip 172.16.48.0 0.0.0.255 host 172.16.0.1
permit ip 172.16.48.0 0.0.0.255 host 172.16.0.2
permit ip 172.16.49.0 0.0.0.255 host 172.16.0.1
permit ip 172.16.49.0 0.0.0.255 host 172.16.0.2
deny ip any any
and then apply on interface port 3
access-group abc in
Please guide me it is possible when ip address asigned dierecty on customer pc ??
Thanks in ADV,