cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

5047
Views
139
Helpful
33
Replies
Participant

Layer 2 Security on Cisco Catalyst Platforms

Hello Alain.

Actually as stated in the 6500 configuration guide:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SY/configuration/guide/port_acls.html

PACL are indeed applied to routed traffic as well. I apologize if somewhere above I mentioned routed traffic is not affected by PACLs.

Regards.

Wilson B.

Beginner

Layer 2 Security on Cisco Catalyst Platforms

Dear Wilsion,

Thank you for your response, it was very helpful and thank you Alain for the inbound addition

As you explained, the IP Source Guard solution will not be complete without the DHCP snooping.

However, I forgot to mention that clients are assigned static IPs and since their mac address change a lot wouldn't you agree that PACL in this case require less administrative intervention and may be a better solution?

Thanks,

-Ahmad

Advisor

Layer 2 Security on Cisco Catalyst Platforms

Hi,

You can use IP Source Guard with hosts having static IPs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3750x_3560x/software/release/12.2_55_se/configuration/guide/swdhcp82.html#wp1281565

Regards

Alain

Don't forget to rate helpful posts.

Don't forget to rate helpful posts.
Highlighted
Participant

Layer 2 Security on Cisco Catalyst Platforms

Hello Ahmad.

That is a very special scenario, I don't overseen a scenario where the same user with static ip address change its mac address oftenly. Now, as Alain mentioned, you can also configure Ip Source guard with static ip address configuration, which might involve adminitrative burden to the process but with better results. Anyways there are always different configurations to achieve the same result. I would stick with the IP source guard. Feel free to email me if you have further questions.

Regards.

Wilson B.

CreatePlease to create content
Content for Community-Ad