Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

3550 security

I have a PC with a specific mac and IP address.I wish to ensure that only this mac/ip address can connect to a specific port of my 3550. How can I do this?

7 REPLIES
New Member

Re: 3550 security

config t

interface f0/5

switchport mode access

switchport port-security

switchport port-security maximum 1

switchport port-security mac-address xxxx.xxxx.xxxx

end

copy run start

Bronze

Re: 3550 security

This takes care of the MAC address part. If you need to restrict by IP as well, you'll need to apply an access list to the port in question.

New Member

Re: 3550 security

Thanks but my question is how to filter a amc AND IP address at the same time. Please provide an example of this.

Bronze

Re: 3550 security

They are different types of access lists so you cant do it that way. If this is a layer 3 switch you have to lock the mac to ip arp entry with a static arp entry. global command arp ip-addr mac-addr type. Then the previous description on port mac security will do the rest.

Bronze

Re: 3550 security

Static ARP entries won't help filter the source IP address of traffic coming into a port. The only way I'm aware of to do that is an IP access list. So in your case you need an IP access list applied to the port as well as the port security configuration given above.

New Member

Re: 3550 security

This old chestnut again! It ran and ran on routerie.com some time back, even though an early poster got the answer...

access-list 5 permit 10.1.1.1

!

interface FastEthernet0/6

switchport mode access

no ip address

switchport port-security

switchport port-security maximum 1

switchport port-security violation shutdown

switchport port-security mac-address 0009.e879.2ce1

ip access-group 5 in

The trick is that the 3550 supports an inbound IP ACL on a layer-2 (i.e. switchport) port. All you need is to add port security and voila!

Is this question appearing again and again because it is being posed in the exams now?

New Member

Re: 3550 security

Yes, it pops up in the CCIE lab test.

I'm happy to run with the above solutio........thanks to all of you!

Kevin

109
Views
0
Helpful
7
Replies
CreatePlease to create content