
New Member

Port Security on 3550 based on given MAC-Address and IP-Address

How can I configure port security based on MAC address and IP address? I only know about "switchport port-security mac-address", but there must be a way to manage this in conjunction with an IP. Static ARP entry?

1 ACCEPTED SOLUTION

Accepted Solutions
Bronze

Re: Port Security on 3550 based on given MAC-Address and IP-Addr

A static ARP entry will only come into play when routing is taking place. So, for traffic that is switched instead of routed (traffic destined to the source's subnet), the source IP doesn't come into play, and is hence irrelevant to the switch. But, even with layer-3 traffic, a static ARP entry doesn't do the trick because it doesn't stop the host with the secure MAC address from using a different IP address -- it only stops another host (with a different MAC address) from using the secure host's IP.

Therefore, the only way that I can see to allow traffic only from "secure" IP addresses is to configure an IP access list for each switch port, and use it in conjunction with port security.
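One way the combination described in the answer above could look on a single access port, as an added example that is not part of the original post. The interface, MAC address, IP address and ACL name are constructed placeholders, and it assumes an IOS release on the 3550 that accepts an inbound IP ACL on a Layer 2 port.

```cisco
! Constructed values: FastEthernet0/1, 0000.5e00.5301, 192.0.2.10 and the
! ACL name SECURE-HOST-FA0-1 are placeholders, not taken from the thread.
!
! Layer 3 side: only the one permitted source IP may send into the port.
! The implicit deny at the end of the ACL drops every other source address.
ip access-list standard SECURE-HOST-FA0-1
 permit host 192.0.2.10
!
! Layer 2 side: port security pins the port to a single static MAC address
! and err-disables the port if any other source MAC appears.
interface FastEthernet0/1
 switchport mode access
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 switchport port-security violation shutdown
 ip access-group SECURE-HOST-FA0-1 in
!
! Verification from privileged EXEC:
!   show port-security interface FastEthernet0/1
!   show port-security address
!   show ip access-lists SECURE-HOST-FA0-1
```

This fits statically addressed hosts: a DHCP client first sends from source 0.0.0.0, which the standard ACL above would drop.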


New Member

Re: Port Security on 3550 based on given MAC-Address and IP-Addr

Thanks for the reply, I think that will solve the problem!

Regards
