port based ACL is possible on 2950? i mean my requirement as follows on a vlan having diff. network segment, switches are vlan 5, servers vlan 6, clients vlan 7, pc vlan 8,they interconnect each other, layer 3 - 3750, layer 2 - 2950, on one of the switch port fas 0/1 a pc is connected ip address 192.168.1.1/24, only a pc having 192.168.1.1/24 connected on this port can access other pc/server on the network, if the pc ip address is been changed to 192.168.1.2 ,it should not reach other pc/server, i think it is possibile with the following
interface fastethernet 0/1
switchport access vlan 8
switchport mode access
ip access-group 101 in
interface gigabitethernet 0/1
description ***connected to 3750***
switchport mode trunk
interface vlan 5
ip address 10.1.1.2 255.255.255.0
ip default-gateway 10.1.1.254
access-list 101 permit ip host 192.168.1.1 0.0.0.255 any.
am i right? if not correct.
note: in 3750 vlan is configured, i don't wanted to put any access-list on this,as i wanted a port based access-list on the edge switches only, only then it will satisfy my need.
[toc:faq]The ProblemOn traditional switches whenever we have a trunk
interface we use the VLAN tag to demultiplex the VLANs. The switch needs
to determine which MAC Address table to look in for a forwarding
decision. To do this we require the switch to do...
[toc:faq]Introduction:Netdr is a tool available on a RSP720, Sup720 or
Sup32 that allows one to capture packets on the RP or SP inband. The
netdr command can be used to capture both Tx and Rx packets in the
software switching path. This is not a substitut...
IntroductionOSPF, being a link-state protocol, allows for every router
in the network to know of every link and OSPF speaker in the entire
network. From this picture each router independently runs the Shortest
Path First (SPF) algorithm to determine the b...