Blocking traffic on a 2900XL

[americanmcneil]

On a switchport (Cisco 2900 XL) I want to allow 10.7.x.x traffic but block 192.168.x.x traffic. Anyone know the command for this?

Thanks

Scott "Thrown to the Wolves" McNeil

http://www.epproach.net

 

[burtsbees]

For layer 3 filtering, it has to be done at the router. A switchport in a layer 2 switch can only be configured to filter MAC addresses.

Burt

 

[Minue]

Hi Burt
Be careful!The 2950 can do level access-list.As for 2900 series,you can try with the "mac-address-table secure" command.
Regards

 

[americanmcneil]

So if I am reading the mac-address-secure write up correctly, this command will only let traffic pass from the listed MAC addresses?

Scott "Thrown to the Wolves" McNeil

http://www.epproach.net

 

[ADB100]

Hi Burt
Be careful!The 2950 can do level access-list.As for 2900 series,you can try with the "mac-address-table secure" command.
Regards

The 2900XL can't..... The 2950 (or at least the ones that run the EI features) is a much more advanced switch than the 2900XL (& 3500XL). The 2900XL is pretty simple and can't do any filtering on the physical ports.

Andy

 

[Minue]

Hello
I was too quick on that one.And I confuse that with another command,the "port security max-mac-count".This command could be a work around for you situation.But first you will have to make the switch learn the 10.7.x.x address first.The "port security aging" command would give extra stabilty.
As I said before this is a work around,it would be better to use at least a cisco 2950 or use a Router.
Regards