04-27-2011 02:54 AM - edited 03-04-2019 12:11 PM
Hello,
On my cisco IOS 12.4 router,
Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?
I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.
Thanks
Solved! Go to Solution.
04-27-2011 03:06 AM
Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.
04-27-2011 03:54 AM
do it from your DCHP server and reserve it to the MAC address.
04-27-2011 04:12 AM
Hi,
As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.
Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.
Best regards,
Giorgos
04-27-2011 03:06 AM
Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.
04-27-2011 03:54 AM
do it from your DCHP server and reserve it to the MAC address.
04-27-2011 04:12 AM
Hi,
As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.
Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.
Best regards,
Giorgos
04-27-2011 04:44 AM
Thanks for the replys,
Given me some things to look into!
Thanks all
04-27-2011 04:54 AM
You're welcome!
If you need any kind of help, don't hesitate to ask.
Good luck!
Giorgos
04-27-2011 06:50 AM
As others have mentioned. DHCP reservations and port-security are your best bet. I'd encourage you to configure both.
You can reserve the IP to MAC in your DHCP server but that does not stop somebody from statically assigning this IP address if they wanted.
Port security will only authenticate based on MAC address, there is nothing to stop that mac using a different IP address.
If you really wanted to go nuts you could assign on ACL and/or VACL to the port as well and look into some sort of 802.1x based authentication (but like others have said unless your in a hostile environment or work with state secrets this probably a little over kill).
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide