[c-nsp] VLAN MAP
Kumar, Prashanth
PKumar at ea.com
Tue May 16 12:31:00 EDT 2006
I am looking at blocking at vlan level. So that users cannot plug in 2
hosts in the switch with different ip address than assigned to vlan.
Thx
Prashanth
-----Original Message-----
From: Jared Mauch [mailto:jared at puck.nether.net]
Sent: Tuesday, May 16, 2006 7:26 AM
To: Tom Sands
Cc: Kumar, Prashanth; cisco-nsp at puck.nether.net
Subject: Re: [c-nsp] VLAN MAP
Why not just use unicast-rpf?
ip verify unicast ..
- jared
On Tue, May 16, 2006 at 09:13:39AM -0500, Tom Sands wrote:
> Sounds simply like an ACL you would typically use to prevent spoofing.
>
> ip access-list extended vlan5
> permit ip 10.254.254.0 0.0.0.255 any
>
> int vlan 5
> ip access-group vlan5 in
>
>
>
> Kumar, Prashanth wrote:
>
> > I am trying to see if it is possible to limit hosts in a vlan to be in a
> > particular subnet. If they are not in that subnet they are not able to
> > send/receive data using vlan maps.
> >
> >
> >
> > For Eg all hosts connected to ports in vlan 5 need to have ip address
> > 10.254.254.0/24.
> >
> > If they are not on the same subnet, they get disconnected.
> >
> >
> >
> >
> >
> > Thx
> >
> > Prashanth
> >
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> >
>
> --
> ------------------------------------------------------
> Tom Sands
> Chief Network Engineer
> Rackspace Managed Hosting
> (210)447-4065
> ------------------------------------------------------
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
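
An added example, not from any poster in this thread: the VLAN-map form of the subnet restriction asked about above. Unlike the `ip access-group` on `int vlan 5`, which only sees routed packets, a VLAN map also filters traffic bridged between ports inside VLAN 5. The names VLAN5-SUBNET and VLAN5-FILTER are placeholders, and the default handling of unmatched packets is assumed to follow Catalyst VLAN-map behaviour, so confirm it on your platform.

```cisco
! Added example; ACL and map names are placeholders.
ip access-list extended VLAN5-SUBNET
! DHCP discovery is sourced from 0.0.0.0; keep this only if VLAN 5 uses DHCP.
 permit udp host 0.0.0.0 eq bootpc host 255.255.255.255 eq bootps
! Traffic sourced from the subnet assigned to VLAN 5.
 permit ip 10.254.254.0 0.0.0.255 any
! VLAN maps have no direction, so routed return traffic entering
! the VLAN toward the assigned subnet has to match as well.
 permit ip any 10.254.254.0 0.0.0.255
!
vlan access-map VLAN5-FILTER 10
 match ip address VLAN5-SUBNET
 action forward
! No further entries: because the map has an IP match clause, IP packets
! that match nothing are dropped; non-IP frames such as ARP still pass.
!
vlan filter VLAN5-FILTER vlan-list 5
```

The third permit is what keeps off-subnet replies working, but it also means a host with the wrong address can still send one-way IP packets to addresses inside 10.254.254.0/24; its traffic to any other destination is dropped.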