Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations strongm on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Blocking traffic on a 2900XL

Status
Not open for further replies.

americanmcneil

Technical User
Jan 29, 2007
63
US
On a switchport (Cisco 2900 XL) I want to allow 10.7.x.x traffic but block 192.168.x.x traffic. Anyone know the command for this?

Thanks

Scott "Thrown to the Wolves" McNeil
 
For layer 3 filtering, it has to be done at the router. A switchport in a layer 2 switch can only be configured to filter MAC addresses.

Burt
 
Hi Burt
Be careful!The 2950 can do level access-list.As for 2900 series,you can try with the "mac-address-table secure" command.
Regards
 
So if I am reading the mac-address-secure write up correctly, this command will only let traffic pass from the listed MAC addresses?

Scott "Thrown to the Wolves" McNeil
 
Hi Burt
Be careful!The 2950 can do level access-list.As for 2900 series,you can try with the "mac-address-table secure" command.
Regards

The 2900XL can't..... The 2950 (or at least the ones that run the EI features) is a much more advanced switch than the 2900XL (& 3500XL). The 2900XL is pretty simple and can't do any filtering on the physical ports.

Andy
 
Hello
I was too quick on that one.And I confuse that with another command,the "port security max-mac-count".This command could be a work around for you situation.But first you will have to make the switch learn the 10.7.x.x address first.The "port security aging" command would give extra stabilty.
As I said before this is a work around,it would be better to use at least a cisco 2950 or use a Router.
Regards
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top