marianhe

asked on

MAC security in Cisco networks

Let's have a Catalyst 6500 with dozens of Catalyst 3750s (Es and Gs).

How would you achieve this: only IP address 1.2.3.4 and its MAC address 00-11-22-33-44-55 are allowed to communicate through a certain port of a certain Catalyst 3750?

I want to prevent the IP address from being stolen.
Don Johnston

Port ACL (PACL).
marianhe

ASKER

Deny PACL on all ports except one?
That'll be hundreds of PACLs.
No. You said you want to allow a specific MAC/IP on a certain port. Either an IP and MAC PACL on that one port, or you can enable port security on that port along with one IP PACL on the port.
Yes, I want to allow the MAC/IP on a certain port but deny it on others.

Assume you have dozens of 48-port switches and 200 ports are in VLAN 123. Your IP address is 1.2.3.4 and it "belongs" in VLAN 123. You're the administrator and you do not want others to manually assign your IP address because of security risks.

Is it sufficient to do a PACL only on ports which are in VLAN 123?
ASKER CERTIFIED SOLUTION
Don Johnston
Create an account to see this answer
On every interface or each interface from VLAN 123?
On every interface that you want to restrict access for.
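
A sketch of the second option from the reply above (port security plus one IP PACL on the allowed port), together with a deny PACL on the other interfaces to be restricted. This is an added example, not configuration posted by either participant; the interface numbers and ACL names are assumptions.

```cisco
! Added example: interface numbers and ACL names are assumed, not from the thread.
!
! PACL for the one port where 1.2.3.4 is the permitted source address.
! The implicit deny at the end drops every other source IP on that port.
ip access-list extended PACL-ALLOW-HOST
 permit ip host 1.2.3.4 any
!
! PACL for the other ports: they must never source traffic as 1.2.3.4.
ip access-list extended PACL-DENY-HOST
 deny   ip host 1.2.3.4 any
 permit ip any any
!
! The allowed port (assumed Gi1/0/10): port security pins the MAC address,
! the inbound PACL pins the source IP address.
interface GigabitEthernet1/0/10
 switchport mode access
 switchport access vlan 123
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0011.2233.4455
 switchport port-security violation restrict
 ip access-group PACL-ALLOW-HOST in
!
! Every other interface you want to restrict (assumed range).
interface range GigabitEthernet1/0/1 - 9
 ip access-group PACL-DENY-HOST in
```

`show port-security interface GigabitEthernet1/0/10` shows the secured address and the violation count for the allowed port.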