Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Can the 5500 switch port restrict ip address

Can the 5500 switch 10/100 module switch port allow access to a particular ip address. I know the set port security command can allow access to a mac address, but can it be done for a ip address.

2 REPLIES
New Member

Re: Can the 5500 switch port restrict ip address

with an IP permit list you can define what kind of L3 sources may access the switch for Telnet and SNMP. Do you mean this?

Access-lists like on a router cannot be implemented because basically the switch will not look at the layer 3 information of the packets wich enter on the switch ports.

Dimitri

New Member

Re: Can the 5500 switch port restrict ip address

A switch is a L2 device and it doesn't look for L3 addresses. All the access-control must be made on a L3 device, like a router (or a L3 card on the switch). If you want to restrict traffic from hosts in one VLAN to another VLAN, you have to create ACLs on the router that is doing interVLAN routing.

On a switch, "port secure" only restricts the number os MAC addresses allowed on a port/interface.

144
Views
0
Helpful
2
Replies
CreatePlease login to create content