We want to filter IP traffic by MAC address on Catalyst 4500. Since we are using bonding (active-backup mode), we need those MAC addresses to appear on different ports. Below are solutions that we have tried:
Please give us a hint how to proceed!
I am afraid that neither of these solutions will work for you, for reasons you have very nicely explained yourself.
In my opinion, the only viable solution is to use IP Source Guard that makes sure that only communication with approved IP/MAC binding will be permitted. Are you familiar with the IP Source Guard? In order to do this flexibly, you will need to assign the addresses to your stations via DHCP (you can always configure DHCP to assign fixed IP addresses to predefined MAC addresses) and run DHCP Snooping plus the IP Source Guard. Apart from this, I am not sure if there is any other technique you could use.
Read more here:
Thank you for your response.
Unfortunately we cannot use DHCP either ;-). We are using static IP addresses.
Any other suggestion?
The same guide I've posted earlier shows that the IP Source Guard can be configured with static IP-to-MAC mappings so you don't need the DHCP and the DHCP Snooping. Perhaps this could be a solution for you...?