[c-nsp] FW: [2600-AU] Catalyst Port Security

Adam KOSA adamk at sch.bme.hu
Fri Oct 1 03:17:27 EDT 2004


If i understand your letter, you are trying to use port security on the

I'm just a newbie, but this sounds like you need vmps.  You can define
port groups, mac address groups, and can associate them.


why not create an extended mac access list, which permits the required 5
MAC addresses, and then mac access-group <aclname> in on the interfaces?


conf t
mac access-list extended goodguys
permit host 0000.1111.2222 any
permit host 1111.2222.3333 any
int range <interface> - <interface>
mac access-group goodguys in

sorry if i misunderstood something.


> I am attempting to restrict two (2) ports on a Cisco Catalyst 2950 to a list
> of ~5 MAC addresses. These MAC addresses are the only addresses permitted to
> connect on these two public ports.
> PROBLEM: A mac address can only be associated with one port at a time thus -
> I cannot apply both lists two both ports.
> If anyone on the list has info on how to do this or knows of someone who
> does I'd greatly appreciate it. I don't want to have to call up
> TAC-Thailand...
> ----
> ...Skeeve
> ========================================================================
>  Personal Web Hosting from $5/month            www.platformnetworks.net
>  Forward undetected SPAM to:                   spam at mailsecurity.net.au
> ========================================================================
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/


Egy evben csak egyszer van mayten!

More information about the cisco-nsp mailing list