Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
339
Views
0
Helpful
7
Replies

3550 security

kswonnell
Level 1
Level 1

‎03-12-2003 10:00 AM - edited ‎03-02-2019 05:49 AM

I have a PC with a specific mac and IP address.I wish to ensure that only this mac/ip address can connect to a specific port of my 3550. How can I do this?

Labels:
0 Helpful
7 Replies 7

michael-faust
Level 1
Level 1

‎03-12-2003 11:49 AM

config t

interface f0/5

switchport mode access

switchport port-security

switchport port-security maximum 1

switchport port-security mac-address xxxx.xxxx.xxxx

end

copy run start

0 Helpful

t.baranski
Level 4
Level 4
In response to michael-faust

‎03-12-2003 07:46 PM

This takes care of the MAC address part. If you need to restrict by IP as well, you'll need to apply an access list to the port in question.

0 Helpful

kswonnell
Level 1
Level 1
In response to michael-faust

‎03-14-2003 01:07 AM

Thanks but my question is how to filter a amc AND IP address at the same time. Please provide an example of this.

0 Helpful

rjackson
Level 5
Level 5
In response to kswonnell

‎03-14-2003 08:15 AM

They are different types of access lists so you cant do it that way. If this is a layer 3 switch you have to lock the mac to ip arp entry with a static arp entry. global command arp ip-addr mac-addr type. Then the previous description on port mac security will do the rest.

0 Helpful

t.baranski
Level 4
Level 4
In response to rjackson

‎03-14-2003 05:34 PM

Static ARP entries won't help filter the source IP address of traffic coming into a port. The only way I'm aware of to do that is an IP access list. So in your case you need an IP access list applied to the port as well as the port security configuration given above.

0 Helpful

raarons
Level 1
Level 1
In response to t.baranski

‎03-17-2003 06:35 AM

This old chestnut again! It ran and ran on routerie.com some time back, even though an early poster got the answer...

access-list 5 permit 10.1.1.1

!

interface FastEthernet0/6

switchport mode access

no ip address

switchport port-security

switchport port-security maximum 1

switchport port-security violation shutdown

switchport port-security mac-address 0009.e879.2ce1

ip access-group 5 in

The trick is that the 3550 supports an inbound IP ACL on a layer-2 (i.e. switchport) port. All you need is to add port security and voila!

Is this question appearing again and again because it is being posed in the exams now?

0 Helpful

kswonnell
Level 1
Level 1
In response to raarons

‎03-21-2003 03:00 AM

Yes, it pops up in the CCIE lab test.

I'm happy to run with the above solutio........thanks to all of you!

Kevin

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents