
Reg: Cat 3550 - Port Security

Hi,

I would like to know whether there is any other solution to complete the following task:

Allow only the PC with MAC address 0001.0001.0001 and IP address 10.1.1.1 to access interface f0/10 on the Cat 3550. You cannot use a Layer 2 or Layer 3 access list to complete the task.

We have tried the following solutions to achieve the result:

1. If we do a static ARP entry after enabling the port security feature and change the IP address of the PC, the traffic will still go through.

2. If we use a VLAN map it will work, but it will also block all the traffic from 10.1.1.1 in the whole VLAN. The only possibility to use this option is to create a new VLAN and add only this port to this VLAN.

Apart from L2 / L3 access lists and VLAN maps, is there any other solution to solve the above problem?

Tks & Regards


Re: Reg: Cat 3550 - Port Security

I figured it was a combination of the static ARP entry you used and "port security", which locks a port so it can only be used by one MAC address. Here's the interface command:

switchport port-security mac-address mac-address


Re: Reg: Cat 3550 - Port Security

Hi,

If I use the combination as you suggested, the switch port starts acting as a proxy ARP. It starts assigning multiple IP addresses to the same MAC address which has been locked by port security. In short, by the above command I could only lock the MAC address but could not limit the switchport to a single IP address.

Any other solution apart from the above?

TKs
