06-02-2009 02:26 AM - edited 03-06-2019 06:02 AM
Hi everybody,
I am configuring 3560 switch. I have the basic requirement. I want to configure a swithc port fa 0/0 to allow only the IP address 192.168.1.1 for example and deny any other PCs with IP address other than this.
I want to retain the port fa 0/0 as switch port only. I know to donot want to configure mac ACL. Can you guide me how to achieve this.
RK
Solved! Go to Solution.
06-02-2009 09:40 AM
Put an ip acl on the user port. You can put it inbound on the user port .
06-02-2009 02:39 AM
Hi
If u r sure that the switchport will not change for this PC u can use port security to achieve this.
switchport port security
switchport port security mac-address sticky
etc.
Thanks
Mahmood
06-02-2009 06:24 AM
Hi Mahmood,
Thanks for reply.
But I suppose that switchport port security mac-address sticky is for MAC address and not for IP address attached to the port.
Can you pl. explain how this command help in my scenario
RK
06-02-2009 08:38 AM
you can set static ip on your pc and use Mahmood's scenario
06-02-2009 09:24 AM
Hi,
Your idea is good, but "mac-address sticky" will check the MAC address associated with the ports & donot care about the IP address of the server connected.
I can very well use either port ACL. But want to know any other alternative solution similar to port security "mac-address sticky "
06-02-2009 09:40 AM
Put an ip acl on the user port. You can put it inbound on the user port .
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide