[cisco-ttl] cisco 4006 switch - IP-MAC binding

From: belgin sarper <belginsarper_at_....>
Date: Wed Nov 08 2006 - 20:45:43 EET


Hello,

We have the topology below and a problem related to it. I would appreciate it if you could help.

At the edge: Cisco 2950, 8 in total.
At the core: Cisco Catalyst 4006 switch with L3 module. The switch has a total of 8 fiber ports and 32 ethernet ports.

The 2950s connect to the 4006 over fiber. Traffic is aggregated on the 4006 and exits to the firewall (the fw is connected to one of the ethernet ports), and through the firewall to a Cisco 7206 and the Internet.

VLANs are defined on the legs connected to each fiber port. Users on the network have been given static IPs. There is no domain structure. Our goal is to prevent users from changing their IPs. For this we want to do IP-MAC binding on the firewall. However, because the switch operates at L3, all users' MACs arrive as far as the switch's fiber inputs but naturally do not pass through to the firewall side.

First, can IP-MAC binding be done on the 2950 or the 4006?
Second, how can I pass the MACs through to the firewall?

I would appreciate your help with this.

Thanks.

Relevant information:

  Cisco 2950    

Cisco Internetwork Operating System Software
IOS (tm) C2950 Software (C2950-I6Q4L2-M), Version 12.1(13)EA1, RELEASE SOFTWARE (fc1)
Copyright (c) 1986-2003 by cisco Systems, Inc.
cisco WS-C2950G-24-EI (RC32300) processor (revision G0) with 20839K bytes of memory.
Processor board ID FOC0733Z20G
Last reset from system-reset
Running Enhanced Image
24 FastEthernet/IEEE 802.3 interface(s)
2 Gigabit Ethernet/IEEE 802.3 interface(s)

  Cisco 4006    

Cisco Internetwork Operating System Software
IOS (tm) L3 Switch/Router Software (CAT4232-IN-M), Version 12.0(7)W5(15d) RELEASE SOFTWARE
Copyright (c) 1986-2000 by cisco Systems, Inc

The firewall is on Portchannel 1.8.

  Config on 4006    

  version 12.0
no service pad
service timestamps debug uptime
service timestamps log uptime
!

ip subnet-zero
!
!
!

interface Port-channel1
 bandwidth 1000000
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 load-interval 30
 hold-queue 300 in
!

interface Port-channel1.1
 encapsulation dot1Q 1

 ip address xxxx 255.255.255.128 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.192 secondary
 ip address xxxx 255.255.255.192 secondary
 ip address xxxx 255.255.255.192

 no ip redirects
 no ip directed-broadcast
 ip accounting output-packets
 no ip mroute-cache
!

interface Port-channel1.2
  encapsulation dot1Q 2
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0

 ip access-group 182 in
 ip access-group 182 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.3
  encapsulation dot1Q 3
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0

 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.4
  encapsulation dot1Q 4
 ip address xxxx 255.255.255.0
 ip access-group 182 in
 ip access-group 182 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.5
 encapsulation dot1Q 5
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0

 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.6
  encapsulation dot1Q 6
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.7
  encapsulation dot1Q 7
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.8
  encapsulation dot1Q 8
 ip address xxxx 255.255.255.128 secondary
 ip address xxxx 255.255.255.192 secondary
 ip address xxxx 255.255.255.0 secondary
 ip address xxxx 255.255.255.0

 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.24
 encapsulation dot1Q 24
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.25
  encapsulation dot1Q 25
 ip address xxxx 255.255.255.0
 ip access-group 112 in
 ip access-group 112 out
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface Port-channel1.99
 encapsulation dot1Q 99 native
 no ip redirects
 no ip directed-broadcast
 no ip mroute-cache
!

interface FastEthernet1
 no ip address
 no ip directed-broadcast
!

interface GigabitEthernet1
 no ip address
 no ip directed-broadcast
 shutdown
!

interface GigabitEthernet2
 no ip address
 no ip directed-broadcast
 shutdown
!

interface GigabitEthernet3
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no negotiation auto
 channel-group 1
!

interface GigabitEthernet4
 no ip address
 no ip directed-broadcast
 no ip mroute-cache
 no negotiation auto
 channel-group 1
!

ip classless
ip route 0.0.0.0 0.0.0.0 xxxx
ip route xxxx 255.255.255.248 Port-channel1.24
ip route xxxx 255.255.255.255 Port-channel1.1
ip route xxxx 255.255.255.255 Port-channel1.1
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.128 Port-channel1.1
ip route xxxx 255.255.255.255 Port-channel1.8
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.2
ip route xxxx 255.255.255.255 Port-channel1.2
ip route xxxx 255.255.255.255 Port-channel1.2
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
ip route xxxx 255.255.255.255 Port-channel1.3
!
access-list 112 permit ip any any 
access-list 112 permit tcp any any
access-list 112 permit udp any any
access-list 182 deny   tcp any any eq 445
access-list 182 deny   tcp any any eq 135 
access-list 182 deny   tcp any any eq 137
access-list 182 deny   udp any any eq netbios-ns 
access-list 182 permit ip any any
access-list 199 permit ip xxxx 0.0.0.255 any
arp 127.0.0.2 0002.fc2a.2800 ARP
!

end




[Non-text portions of this message have been removed] Received on Wed Nov 8 21:20:08 2006
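
Because the host MACs stop at the routed hop, the place where IP and MAC can still be compared is the ARP table of the routing switch. An added example, not part of the original message: it audits `show ip arp`-style output against a record of assigned addresses; the sample output, addresses, MACs and function names are all constructed assumptions.

```python
import re

# Constructed `show ip arp`-style output from the routing switch
# (documentation-range addresses, made-up MACs).
SAMPLE_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.0.2.10             12   0011.2233.4455  ARPA   Port-channel1.2
Internet  192.0.2.11              3   0011.2233.4466  ARPA   Port-channel1.2
Internet  192.0.2.12              0   0011.2233.4455  ARPA   Port-channel1.2
Internet  198.51.100.7            -   0011.2233.4477  ARPA   Port-channel1.3
Internet  198.51.100.9            0   Incomplete      ARPA
"""

# Constructed record of assigned static addresses: IP -> MAC.
ASSIGNED = {
    "192.0.2.10": "0011.2233.4455",
    "192.0.2.11": "0011.2233.44AA",
    "198.51.100.7": "0011.2233.4477",
}

MAC = r"[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}"
ROW = re.compile(
    r"^Internet\s+(\d+(?:\.\d+){3})\s+\S+\s+(" + MAC + r")\s+\S+(?:\s+(\S+))?$"
)

def parse_arp(text):
    """Return (ip, mac, interface) for every resolved ARP entry."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:  # the header and "Incomplete" rows do not match
            entries.append((m.group(1), m.group(2).lower(), m.group(3)))
    return entries

def audit(entries, assigned):
    """Compare observed IP-MAC pairs with the assigned ones."""
    expected = {ip: mac.lower() for ip, mac in assigned.items()}
    known_macs = {mac: ip for ip, mac in expected.items()}
    findings = []
    for ip, mac, iface in entries:
        if ip not in expected:
            # Address nobody was given; report the MAC's assigned IP if known.
            findings.append(("unassigned-ip", ip, mac, known_macs.get(mac), iface))
        elif expected[ip] != mac:
            findings.append(("wrong-mac", ip, mac, known_macs.get(mac), iface))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_arp(SAMPLE_ARP), ASSIGNED):
        print(finding)
```

The fourth field of each finding is the address that MAC was assigned, which shows when a known machine has moved to another IP.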

This archive was generated by hypermail 2.1.8 : Wed Nov 08 2006 - 21:20:17 EET