Re: [cisco-ttl] cisco 4006 switch - IP - MAC mapping
From: belgin sarper <belginsarper_at_....>
Date: Thu Nov 09 2006 - 19:59:04 EET
There are about 1500 users on the network. These users are given static IPs; everyone has their own IP. However, some people change their IPs. We want to set up IP-MAC mapping to prevent IP changes. For example, if everyone's MAC address reaches the firewall, then, one time only, each MAC will be mapped to a single IP on the fw, so if that person changes their IP, their internet connection will be cut. If we can do this on the 2950, that will be much better for us. Can we do what I described?
Thanks...
belgin

Serhat Uslay <serhat.uslay@zurich.com.au> wrote:
I could not understand what you want to do with the MAC address on the firewall; it may not be good practice. Could you elaborate a bit?
• DHCP snooping
• DHCP Option 82
• DHCP Option 82 insertion
• DHCP Option 82 Pass Through
or, on the 29xx series, you can provide MAC address security on a per-port basis. I am sending an example below.
interface FastEthernet0/2
mac-address-table secure xxxx.xxxx.xxxx FastEthernet0/2 vlan 1
Serhat
belgin sarper <belginsarper@yahoo.com>
Hello,
There is a topology as described below and a problem related to it. I would appreciate it if you could help.
Cisco 2950 at the edges, 8 in total
Thanks.
Required information:
Cisco 2950
Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE
SOFTWARE (fc1)
Cisco 4006
Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(7)W5(15d)
RELEASE SOFTWARE
The firewall is on Portchannel 1.8.
Config on 4006
version 12.0
 ip address xxxx 255.255.255.128 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.192 secondary
 ip address xxxx 255.255.255.192 secondary
 ip address xxxx 255.255.255.192
 no ip redirects
 no ip directed-broadcast
 ip accounting output-packets
 no ip mroute-cache
!
interface Port-channel1.2
 encapsulation dot1Q 2
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0
 ip access-group 182 in
 ip access-group 182 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.3
 encapsulation dot1Q 3
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.4
 encapsulation dot1Q 4
 ip address xxxx 255.255.255.0
 ip access-group 182 in
 ip access-group 182 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.5
 encapsulation dot1Q 5
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.6
 encapsulation dot1Q 6
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.7
 encapsulation dot1Q 7
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.8
 encapsulation dot1Q 8
 ip address xxxx 255.255.255.128 secondary
 ip address xxxx 255.255.255.192 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.24
 encapsulation dot1Q 24
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.25
 encapsulation dot1Q 25
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface Port-channel1.99
 encapsulation dot1Q 99 native
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!
interface FastEthernet1
 no ip address
 no ip directed-broadcast
!
interface GigabitEthernet1
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet2
 no ip address
 no ip directed-broadcast
 shutdown
!
interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no negotiation auto
 channel-group 1
!
interface GigabitEthernet4
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no negotiation auto
 channel-group 1
!
ip classless
ip route 0.0.0.0 0.0.0.0 xxxx
ip route xxxx 255.255.255.248 Port-channel1.24
ip route xxxx 255.255.255.255 Port-channel1.1
ip route xxxx 255.255.255.255 Port-channel1.1
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.128 Port-channel1.1
ip route xxxx 255.255.255.255 Port-channel1.8
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.2
ip route xxxx 255.255.255.255 Port-channel1.2
ip route xxxx 255.255.255.255 Port-channel1.2
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
!
access-list 112 permit ip any any
access-list 112 permit tcp any any
access-list 112 permit udp any any
access-list 182 deny tcp any any eq 445
access-list 182 deny tcp any any eq 135
access-list 182 deny tcp any any eq 137
access-list 182 deny udp any any eq netbios-ns
access-list 182 permit ip any any
access-list 199 permit ip xxxx 0.0.0.255 any
arp 127.0.0.2 0002.fc2a.2800 ARP
!
end
--
Cisco Teknik Tartisma Listesi (Cisco-ttl)
All responsibility for applying the changes suggested on this list lies with the user. The list administrators, the list members who make suggestions, and the organizations those members work for cannot be held responsible in any way.
Received on Fri Nov 10 13:26:25 2006
This archive was generated by hypermail 2.1.8 : Fri Nov 10 2006 - 13:26:26 EET
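
An added example, not part of the thread and not code from either poster: one way to detect the IP changes the question describes, by comparing `show ip arp` output taken on the L3 switch against the static MAC-to-IP assignment list. It detects violations rather than blocking them; the addresses, the `ALLOWED` table and the `audit` function are constructed for illustration.

```python
import re

# Constructed sample data (documentation address range), not taken from the thread.
ALLOWED = {  # static assignment list: MAC -> the one IP that MAC may use
    "0011.2233.4401": "192.0.2.10",
    "0011.2233.4402": "192.0.2.11",
    "0011.2233.4403": "192.0.2.12",
}

SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.10              5   0011.2233.4401  ARPA   Port-channel1.8
Internet  192.0.2.99              0   0011.2233.4402  ARPA   Port-channel1.8
Internet  192.0.2.12              2   0011.2233.44ff  ARPA   Port-channel1.3
Internet  192.0.2.1               -   0011.2233.4400  ARPA   Port-channel1.8
Internet  192.0.2.50              0   Incomplete      ARPA
"""

# Rows with an unresolved ("Incomplete") hardware address do not match and are skipped.
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>\S+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA",
    re.I | re.M,
)


def audit(arp_text, allowed):
    """Return (kind, ip, mac) findings for ARP entries that break the MAC->IP list."""
    ip_owner = {ip: mac for mac, ip in allowed.items()}
    findings = []
    for m in ROW.finditer(arp_text):
        ip, mac = m["ip"], m["mac"].lower()
        if m["age"] == "-":  # age "-" marks the device's own interface address
            continue
        if mac in allowed:
            if allowed[mac] != ip:
                findings.append(("ip-changed", ip, mac))  # known host on the wrong IP
        elif ip in ip_owner:
            findings.append(("ip-taken", ip, mac))  # assigned IP used by a foreign MAC
        else:
            findings.append(("unknown-mac", ip, mac))  # host missing from the list
    return findings


if __name__ == "__main__":
    for kind, ip, mac in audit(SHOW_IP_ARP, ALLOWED):
        print(f"{kind:12} {ip:15} {mac}")
```

Run periodically against fresh ARP output, this reports which host moved to which address; enforcement still has to happen on the switch or firewall.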