Re: MAC Address Binding in data center environment

MarkYoung5278 · ‎08-12-2019

Hello all,

I am writing to see if anyone can help me out with this.

We are setting up a data center environment network, and we are looking to bind IP addresses by MAC Address without using a DHCP pool.

Right now, we have everything in about 20 VLANS with large ranges and IPs are being stolen, so we'd like to lock them down somehow.

I've done a lot of reading and found commands such as client-identifier and hardware-address, but they are always used with a DHCP pool. We'd like to manually assign the IPS and then limit to them to a specific MAC address. Is this possible? Or would we need to limit everyone to their own VLAN?

We are running a cisco Nexus 3064 Chassis with NX-OS 6.0.

balaji.bandi · ‎08-12-2019

This is not the best way to do it, but if the requirement is like that - you can do sticky MAC with IP address.

https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus5000/sw/security/521_n1_1/b_5k_Security_Config_521N11/b_5k_Security_Config_521N11_chapter_01001.pdf

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

MarkYoung5278 · ‎08-12-2019

Hi There,

Thank you. From what I can tell, this restricts a VLAN or port to a set of defined MAC addresses? If we did it this way, we could just make a separate VLAN for each client. We know this is an option, but we're trying to find a way to limit the amount of IPS lost due to subnetting.

Basically, we're looking to do something like:

IP --> Locked to Mac Address xxx, independent of the VLAN involved.

Is that doable or would we need to do it via a DHCP pool?