cisco2960 Implementing MAC IP Bindings

In order to implement IP+MAC bindings on the two-layer switch Cisco 2960, you must use an Access-control-list-based approach.

Pre-Implementation features: ip:168.31.6.199 and mac:001e.ec64.5a.83 bindings

Step One: Configure the Mac access control list

CIB (config) #mac Access-list extended Mac

CIB (CONFIG-EXT-MACL) #permit any host 001e.ec64.5a83

CIB (CONFIG-EXT-MACL) #permit host 001e.ec64.5a83 any

Step Two: Configure IP access control lists

CIB (config) #ip access-list extended IP

CIB (CONFIG-EXT-NACL) Permit IP host 168.31.6.199 any

CIB (CONFIG-EXT-NACL) Permit IP any host 168.31.6.199

Step three: Apply the above access control list under the port

CIB (config) #interface FASTETHERNET0/3

CIB (config-if) #ip access-group IP in

CIB (config-if) #mac Access-group mac in

===================================================

Note 1: If you want to implement multiple IPs with multiple Macs between one by one, you can write multiple ACLs in conjunction with;

Note 2: For the convenience of implementation, you can add multiple IPs under the same ACL with multiple Macs, at this time the corresponding relationship is many-to-many; (Security flaw: But there is a flaw that can be used to swap IP with each other)

MAC1 IP1

MAC2 IP2

Such as:

CIB (config) #ip access-list extended IP

CIB (CONFIG-EXT-NACL) Permit IP host 168.31.6.199 any

CIB (CONFIG-EXT-NACL) Permit IP host 168.31.6.200 any

CIB (CONFIG-EXT-NACL) Permit IP any host 168.31.6.199

CIB (CONFIG-EXT-NACL) Permit IP any host 168.31.6.200

CIB (config) #mac Access-list extended Mac

CIB (CONFIG-EXT-MACL) #permit any host 001e.ec64.5a83

CIB (CONFIG-EXT-MACL) #permit any HOST0024.50C7.2AC1

CIB (CONFIG-EXT-MACL) #permit host 001e.ec64.5a83 any

CIB (CONFIG-EXT-MACL) #permit host 0024.50c7.2ac1 any

=================================================

This article is from the "Chen blog" blog, make sure to keep this source http://chenshengang.blog.51cto.com/4399161/1606004

cisco2960 Implementing MAC IP Bindings