[c-nsp] VLAN MAP
Jared Mauch
jared at puck.nether.net
Tue May 16 12:33:59 EDT 2006
On Tue, May 16, 2006 at 09:31:00AM -0700, Kumar, Prashanth wrote:
> I am looking at blocking at vlan level. So that users cannot plug in 2
> hosts in the switch with different ip address than assigned to vlan.
Yes, and this will work for you. Check it out.
- Jared
> -----Original Message-----
> From: Jared Mauch [mailto:jared at puck.nether.net]
> Sent: Tuesday, May 16, 2006 7:26 AM
> To: Tom Sands
> Cc: Kumar, Prashanth; cisco-nsp at puck.nether.net
> Subject: Re: [c-nsp] VLAN MAP
>
> Why not just use unicast-rpf?
>
> ip verify unicast ..
>
> - jared
>
> On Tue, May 16, 2006 at 09:13:39AM -0500, Tom Sands wrote:
> > Sounds simply like an ACL you would typically use to prevent spoofing.
> >
> > ip access-list extended vlan5
> > permit ip 10.254.254.0 0.0.0.255 any
> >
> > int vlan 5
> > ip access-group vlan5 in
> >
> >
> >
> > Kumar, Prashanth wrote:
> >
> > > I am trying to see if it is possible to limit hosts in a vlan to be in a
> > > particular subnet. If they are not in that subnet they are not able to
> > > send/receive data using vlan maps.
> > >
> > >
> > >
> > > For Eg all hosts connected to ports in vlan 5 need to have ip address
> > > 10.254.254.0/24.
> > >
> > > If they are not on the same subnet, they get disconnected.
> > >
> > >
> > >
> > >
> > >
> > > Thx
> > >
> > > Prashanth
> > >
> > > _______________________________________________
> > > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > >
> >
> > --
> > ------------------------------------------------------
> > Tom Sands
> > Chief Network Engineer
> > Rackspace Managed Hosting
> > (210)447-4065
> > ------------------------------------------------------
> > _______________________________________________
> > cisco-nsp mailing list cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
>
> --
> Jared Mauch | pgp key available via finger from jared at puck.nether.net
> clue++; | http://puck.nether.net/~jared/ My statements are only mine.
--
Jared Mauch | pgp key available via finger from jared at puck.nether.net
clue++; | http://puck.nether.net/~jared/ My statements are only mine.
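
Added example (not part of the original thread, and not any poster's code): a small Python model of how the "vlan5" access list quoted above classifies source addresses, showing the wildcard-mask match and the implicit deny that ends an IOS access list. The function names and sample addresses are constructed for illustration, and only entries of the form "permit|deny ip <net> <wildcard> any" are handled.

```python
import ipaddress

# ACL body as quoted in the thread (applied inbound on "int vlan 5").
ACL_VLAN5 = """
permit ip 10.254.254.0 0.0.0.255 any
"""

def parse_acl(text):
    """Parse 'permit|deny ip <src> <wildcard> any' entries (simplified model)."""
    entries = []
    for line in text.strip().splitlines():
        tok = line.split()
        if (len(tok) != 5 or tok[0] not in ("permit", "deny")
                or tok[1] != "ip" or tok[4] != "any"):
            raise ValueError(f"unsupported ACL line: {line!r}")
        base = int(ipaddress.IPv4Address(tok[2]))
        wildcard = int(ipaddress.IPv4Address(tok[3]))
        entries.append((tok[0], base, wildcard))
    return entries

def matches(src, base, wildcard):
    """Wildcard bits set to 1 are 'don't care'; every other bit must equal the base."""
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(src)) & care) == (base & care)

def evaluate(entries, src):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, base, wildcard in entries:
        if matches(src, base, wildcard):
            return action
    return "deny"

def filter_sources(acl_text, sources):
    """Return {source address: 'permit' | 'deny'} for each source."""
    entries = parse_acl(acl_text)
    return {src: evaluate(entries, src) for src in sources}

# Constructed sample sources: two inside 10.254.254.0/24, two outside it, and
# 0.0.0.0 (the source a DHCP client uses before it holds a lease).
SAMPLE_SOURCES = ["10.254.254.17", "10.254.254.255", "10.254.253.17",
                  "192.168.1.10", "0.0.0.0"]

if __name__ == "__main__":
    for src, verdict in filter_sources(ACL_VLAN5, SAMPLE_SOURCES).items():
        print(f"{src:16} {verdict}")
```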