RE: How to restrict hubs in a LAN [7:54937]

Sat, 05 Oct 2002 14:22:48 -0700 

John,

        You can enable port security on the switch ports to only allow a specific #
of macs.  See below:

LILO#config t
Enter configuration commands, one per line.  End with CNTL/Z.
LILO(config)#int fa0/1
LILO(config-if)#port ?
  block          Forwarding of unknown uni/multi cast addresses
  group          Place this interface in a port group
  monitor        Monitor another interface
  network        Configure an interface to be a network port
  protected      Configure an interface to be a protected port
  security       Configure an interface to be a secure port
  storm-control  Configure storm control parameters

LILO(config-if)#port security ?
  action         action to take for security violation
  aging          Enable Port-security aging
  max-mac-count  maximum mac address count
  

LILO(config-if)#port security max-mac-count ?
    Maximum mac address count for this secure port

LILO(config-if)#port security max-mac-count 1

LILO(config-if)#port security action ?
  shutdown  shut down the port from which security violation is detected
  trap      send snmp trap for security violaiton

LILO(config-if)#port security action shutdown


Hope this helps,
Daren

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of
John Zaggat
Sent: Saturday, October 05, 2002 11:02 AM
To: [EMAIL PROTECTED]
Subject: How to restrict hubs in a LAN [7:54937]


I am just trying to think of how to restrict Hubs from being used in the
LAN. Politically it's a mess and despite a lot of discussions certain people
are able to add hubs at will where ever they want. So I was trying to think
of a way to stop that within the switch. Now normally these ports that the
hubs are connected to show several mac addresses when I do "show cam" which
gives me an idea is there any way to restrict host ports to only accept one
mac-address. I don't want to hardcode the mac-address because that would be
too much a administrative burden. But if I could restrict the port to accept
just one mac-address then that will make these hubs useless. Well anyways
let me know  if I am way off here but are there any other tricks in use by
any of you guys. I'll appreciate any pointers.
JZ




Message Posted at:
http://www.groupstudy.com/form/read.php?f=7&i=54939&t=54937
--------------------------------------------------
FAQ, list archives, and subscription info: http://www.groupstudy.com/list/cisco.html
Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]

Reply via email to