Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
944
Views
0
Helpful
6
Replies
Highlighted
richarddowna
Beginner
Beginner
‎04-27-2011 02:54 AM
‎04-27-2011 02:54 AM

Can I only allow an IP Address on a specific MAC Address?

Hello,

On my cisco IOS 12.4 router,

Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?

I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.

Thanks

Labels:
0 Helpful
3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
paolo bevilacqua
Hall of Fame Master Hall of Fame Master
Hall of Fame Master
‎04-27-2011 03:06 AM
‎04-27-2011 03:06 AM

Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.

View solution in original post

0 Helpful
Highlighted
N W
Beginner
Beginner
In response to paolo bevilacqua
‎04-27-2011 03:54 AM
‎04-27-2011 03:54 AM

do it from your DCHP server and reserve it to the MAC address.

View solution in original post

0 Helpful
Highlighted
garapoglou
Participant
Participant
‎04-27-2011 04:12 AM
‎04-27-2011 04:12 AM

Hi,

As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.

Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.

Best regards,

Giorgos

View solution in original post

0 Helpful
6 REPLIES 6
Highlighted
paolo bevilacqua
Hall of Fame Master Hall of Fame Master
Hall of Fame Master
‎04-27-2011 03:06 AM
‎04-27-2011 03:06 AM

Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.

View solution in original post

0 Helpful
Highlighted
N W
Beginner
Beginner
In response to paolo bevilacqua
‎04-27-2011 03:54 AM
‎04-27-2011 03:54 AM

do it from your DCHP server and reserve it to the MAC address.

View solution in original post

0 Helpful
Highlighted
garapoglou
Participant
Participant
‎04-27-2011 04:12 AM
‎04-27-2011 04:12 AM

Hi,

As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.

Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.

Best regards,

Giorgos

View solution in original post

0 Helpful
Highlighted
richarddowna
Beginner
Beginner
In response to garapoglou
‎04-27-2011 04:44 AM
‎04-27-2011 04:44 AM

Thanks for the replys,

Given me some things to look into!


Thanks all

0 Helpful
Highlighted
garapoglou
Participant
Participant
In response to richarddowna
‎04-27-2011 04:54 AM
‎04-27-2011 04:54 AM

You're welcome!

If you need any kind of help, don't hesitate to ask.

Good luck!

Giorgos

0 Helpful
Highlighted
james-worley
Beginner
Beginner
‎04-27-2011 06:50 AM
‎04-27-2011 06:50 AM

As others have mentioned. DHCP reservations and port-security are your best bet. I'd encourage you to configure both.

You can reserve the IP to MAC in your DHCP server but that does not stop somebody from statically assigning this IP address if they wanted.

Port security will only authenticate based on MAC address, there is nothing to stop that mac using a different IP address.

If you really wanted to go nuts you could assign on ACL and/or VACL to the port as well and look into some sort of 802.1x based authentication (but like others have said unless your in a hostile environment or work with state secrets this probably a little over kill).

0 Helpful
Latest Contents
Register Now: Networking CCP Briefings for New Product/Relea...
Created by Kelsy Tibshraeny on 09-17-2020 02:02 PM
0
0
0
0
Coming soon - Be the first to know about the New Product/Release Series. Join Customer Connection to register for the briefings throughout the month of October! Membership in the Cisco Customer Connection program is required to attend. Registra... view more
Issue with flexvpn ikev2
Created by Hulk8647 on 09-17-2020 11:03 AM
0
0
0
0
Hello,I am trying to configure FLEXVPN on an ISR 4321. I have followed the directions in the below article. Upon completion, when trying to log into the VPN via anyconnect, I am not getting anywhere at all. (not prompting for UN/PW) I hope someone can she... view more
Cisco IOS XE Amsterdam 17.3.1a: Enterprise Routing Release U...
Created by pkhilola on 09-16-2020 04:37 AM
3
5
3
5
On 16th Aug 2020, Cisco has published the latest IOS XE Release- Cisco IOS XE Amsterdam 17.3.1a.   IOS XE 17.3.1a continues to enhance the Enterprise Routing offerings. There are key software feature enhancements covering Lic... view more
RV340 VPN processing order
Created by georgedei on 09-15-2020 06:10 PM
1
5
1
5
I'm trying to understand the order in which site-to-site VPN traffic is processed. Is there a block diagram of the entire router structure? Do the packets pass through firewall before the VPN or after the VPN process? What exactly happens to ports of pack... view more
ISR 4321 GebGui issue
Created by Juraj Papic on 09-15-2020 01:52 PM
0
0
0
0
Hello, I have my 4321, when I access via UI I cant see the Configuration, Administration and Troubleshooting,  I only see Dashboard and Monitoring.This is the LicTechnology Package License Information:--------------------------------------------... view more
Content for Community-Ad
Cisco Community August2020 Spotlight Award Winners

Follow our Social Media Channels