Fixed IP per port , Cisco 2960 switch

Unanswered Question
May 22nd, 2010
User Badges:

Hi,


I have few cisco 2960 (model : WS-C2960-24TT-L). I am doing vla, port-security. In port-security it only fixed the no of maximum port allowed per port. But I need to fixed the IP address per port; that mean the pre-define ip address can be accessed by a particular port. Is it possible? Greatful I have the solution.

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Nagendra Kumar ... Sat, 05/22/2010 - 23:07
User Badges:
  • Cisco Employee,

Hi,


I dont think there is any feature similar to port-secuirty to control traffic based on IP. You can try host specific IP ACL to permit traffic only from that particular IP address.


HTH,

Nagendra

siyadh2020 Sun, 05/23/2010 - 03:07
User Badges:

Hi fakrul,


can u please let me know what is the need of using ip-address for port security instead of mac-address...?

If it is either dhcp or static then use mac-address is the best for ports security.

As per my knowledge there have no chance to use ip-address for the port security.

Mohamed Sobair Sun, 05/23/2010 - 05:12
User Badges:
  • Gold, 750 points or more

Hi,


you will need to look at (IP Source Guard) with DHCP snooping feature.


at the layer-2 interface, you will need to bind static IP with its mac-address with (ip source binding) command.



This should achiev what you are looking for,


Mohamed

Ganesh Hariharan Sun, 05/23/2010 - 06:04
User Badges:
  • Purple, 4500 points or more
  • Community Spotlight Award,

    Member's Choice, February 2016


Hi,


I have few cisco 2960 (model : WS-C2960-24TT-L). I am doing vla, port-security. In port-security it only fixed the no of maximum port allowed per port. But I need to fixed the IP address per port; that mean the pre-define ip address can be accessed by a particular port. Is it possible? Greatful I have the solution.


Hi,


You cannot achive via port security that pre defined ip can access particular port,yes if you want to impelment 802.1x authentication integaration via ACS with this only authenticated user can access the switch vlan or port can come on active state.


Check out the below link on 802.1x auth in switches


http://www.ciscosistemas.org/en/US/docs/switches/lan/catalyst6500/ios/12.1E/native/configuration/guide/dot1x.html


Hope to Help !!


Ganesh.H


Remember to rate the helpful post

Actions

This Discussion