cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
944
Views
0
Helpful
6
Replies
Highlighted
Beginner

Can I only allow an IP Address on a specific MAC Address?

Hello,

On my cisco IOS 12.4 router,

Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?

I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.

Thanks

3 ACCEPTED SOLUTIONS

Accepted Solutions
Highlighted
Hall of Fame Master

Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.

View solution in original post

Highlighted

do it from your DCHP server and reserve it to the MAC address.

View solution in original post

Highlighted
Participant

Hi,

As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.

Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.

Best regards,

Giorgos

View solution in original post

6 REPLIES 6
Highlighted
Hall of Fame Master

Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.

View solution in original post

Highlighted

do it from your DCHP server and reserve it to the MAC address.

View solution in original post

Highlighted
Participant

Hi,

As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.

Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.

Best regards,

Giorgos

View solution in original post

Highlighted

Thanks for the replys,

Given me some things to look into!


Thanks all

Highlighted

You're welcome!

If you need any kind of help, don't hesitate to ask.

Good luck!

Giorgos

Highlighted
Beginner

As others have mentioned. DHCP reservations and port-security are your best bet. I'd encourage you to configure both.

You can reserve the IP to MAC in your DHCP server but that does not stop somebody from statically assigning this IP address if they wanted.

Port security will only authenticate based on MAC address, there is nothing to stop that mac using a different IP address.

If you really wanted to go nuts you could assign on ACL and/or VACL to the port as well and look into some sort of 802.1x based authentication (but like others have said unless your in a hostile environment or work with state secrets this probably a little over kill).