From: samccie2004@yahoo.co.uk
Date: Thu Jun 17 2004 - 16:38:07 GMT-3
Of course ! I got it all wrong !
I totally miss understood the use of this command, in fact what I am doing
is the opposite of the requirement.
Thanks
Sam
-----Original Message-----
From: Tom Rogers [mailto:cccie71@yahoo.com]
Sent: 17 June 2004 20:29
To: samccie2004@yahoo.co.uk; studygroup
Subject: RE: IE lab12 task 1.14
Sam,
According to your config "switchport port-security mac-address
0030.1369.87a0
" if that is the router mac, traffic will be allowed into the switch from
that mac. If You have several PC's behind this router, all will get access.
To answer your question ,If the switch sees the mac address of the router
IT WILL NOT BLOCK IT which in turn will allow PC traffic to through also.
Tom
samccie2004@yahoo.co.uk wrote:
Hi Tom
Thanks for the reply, but this is where I am getting confused. If the
switch
sees the mac address of the router and blocks it then no traffic from
router and therefore from PC will be forwarded. Am I missing something
really simple here and obvious ?
Cheers
Sam
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com]On Behalf Of
Tom Rogers
Sent: 17 June 2004 09:02
To: samccie2004@yahoo.co.uk; studygroup
Subject: Re: IE lab12 task 1.14
Sam,
I dont think so.....
This port will allow traffic from that mac. And I beleive that is your
router's mac, right ?
If yes.... guess what.... the switch does not see PC's (PCs connected to
router) mac's
And you know why. So all the traffic that the switch is going to see is
from
the same mac for all the PC's.
So tell me where re you restricting the PCs?
Tom
samccie2004@yahoo.co.uk wrote:
Hi all
Would this be a valid solution. I understand the proposed solution and
how
IP traffic can slip thru the net.
The below solution would simply block the port ?
Switch#sh run int fa0/7
Building configuration...
Current configuration : 181 bytes
!
interface FastEthernet0/7
switchport mode access
switchport port-security
switchport port-security violation restrict
switchport port-security mac-address 0030.1369.87a0
end
TIA
Sam
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
---------------------------------
Do you Yahoo!?
New and Improved Yahoo! Mail - Send 10MB messages!
_______________________________________________________________________
Please help support GroupStudy by purchasing your study materials from:
http://shop.groupstudy.com
Subscription information may be found at:
http://www.groupstudy.com/list/CCIELab.html
----------------------------------------------------------------------------
-- Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard.
This archive was generated by hypermail 2.1.4 : Sat Jul 03 2004 - 19:40:43 GMT-3