From: alain faure (alainfaure@xxxxxxxx)
Date: Tue May 28 2002 - 12:44:25 GMT-3
Hello,
If you use the security feature. You can also use a DHCP server, configuring a
association between the mac address and the IP address. Like that, you secure
the MAC address (witch is really important for security) and attribute the ip
address f(mac address).
Best regards
--- Chuck Church <cchurch@MAGNACOM.com> a icrit : > Juan,
>
> What problem are you trying to solve here? Since it's a layer 2
> switch, it only uses ARP to facilitate remote devices talking to it's
> management interface. So if you're trying to limit who can get to SC0, why
> not just use 'set ip permit'? If you want to make sure that 'permitted' IP
> address always has the same port and MAC, you can set the cam and arp
> entries to permanent, which will survive resets. And port security might
> help as well. I know all these options exist on CATOS 6.3 on 4000 series,
> not sure about other codes or models. HTH.
>
> Chuck Church
> CCIE #8776, MCNE, MCSE
> Sr. Network Engineer
> Magnacom Technologies
> 140 N. Rt. 303
> Valley Cottage, NY 10989
> 845-267-4000
>
>
> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
> jfaure@sztele.com
> Sent: Monday, May 27, 2002 10:47 AM
> To: ccielab@groupstudy.com
> Subject: MAC & IP ADDRESS RESERVATION IN LAYER 2 SWITCH
>
>
> Hi Guys!
>
> I'm wondering how can I reserve a Mac ADDRESS and an IP address (the two
> conditions) to a specific Catalyst layer 2 switch port. I know you can set
> a permanent or static entry in the CAM table of it, but the problem is to
> reserve the IP address too, to only permit that a PC with this MAC and this
> IP can connect to the switch by this specific port.
>
> I've seen that you can "edit" the ARP table of the switch, and you can set
> an ARP entry too. The problem is that if you don't stablish the aging-time
> to infinite, this entry (that would link the MAC address and the IP address
> I need) will be deleted. Then, if I stablisht the aging-time to infinite,
> the switch don't relearns the macs (I think) and then it can be a problem
> if you translate some equipment from a Catalyst port to another one.
>
> Do you know any way to do so, or do you think this is the right way to
> solve this?
>
> Regards
>
> Juan Faure Ferrer
> email: jfaure@sztele.com
>
> Lmnea de Negocio de Telematica y CC
> Ingeniero de Integracisn de Redes y Sistemas
> ----------------------------------------------------------------------------
>
> SOLUZIONA TELECOMUNICACIONES
> Servicios Profesionales de UNION FENOSA
> Jerez, 3
> 28016 MADRID
> tel 91 579 30 00 fax 91 350 72 83
> ---------------------------------------------------------------------------
This archive was generated by hypermail 2.1.4 : Thu Jun 13 2002 - 10:59:10 GMT-3