Hello,
On my cisco IOS 12.4 router,
Can i make it so only lets say mac address 11:22:33:44:55:66 able to use ip address 10.10.10.2?
I want this so that only this IP can configure servers, and so if the computer using it is turned off, any other device cannot use the IP address.
Thanks
Solved! Go to Solution.
Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.
do it from your DCHP server and reserve it to the MAC address.
Hi,
As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.
Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.
Best regards,
Giorgos
Yes, disable arp and configure static ARP entries. But since that's a major pain in the neck, there are better ways, eg mac authentication, switch port security, etc. Also note that unless you have an hostile, unsecure environment, nothing is necessary.
do it from your DCHP server and reserve it to the MAC address.
Hi,
As mentioned, there are lots of ways to do it. You can enable port security on the switch so the port will be accessible to only that MAC address, or use the DHCP server to reserve the IP address to that specific MAC address.
Best practice is to enable DHCP and exclude IP addresses used by servers. Another alternative is to configure static ARP entries but this could cause you lots of trouble updating.
Best regards,
Giorgos
Thanks for the replys,
Given me some things to look into!
Thanks all
You're welcome!
If you need any kind of help, don't hesitate to ask.
Good luck!
Giorgos
As others have mentioned. DHCP reservations and port-security are your best bet. I'd encourage you to configure both.
You can reserve the IP to MAC in your DHCP server but that does not stop somebody from statically assigning this IP address if they wanted.
Port security will only authenticate based on MAC address, there is nothing to stop that mac using a different IP address.
If you really wanted to go nuts you could assign on ACL and/or VACL to the port as well and look into some sort of 802.1x based authentication (but like others have said unless your in a hostile environment or work with state secrets this probably a little over kill).