10-17-2011 11:28 AM - edited 03-04-2019 01:57 PM
Hi
I will be connecting some clients directly to switchports.
But I'm really sceptical about doing this, as it may create problems in my network.
The clients will connect to client VLANs with /25 mask, and use public IPs through DHCP or static IP.
I'm planning on using IP source guard for the clients with static IPs and DHCP snooping for the DHCP clients.
What more restrictions should I put on the interfaces/VLANs to make this as little painful as possible?
10-17-2011 02:15 PM
1. spanning-tree bpduguard enable
2. MAC security limit to one MAC address
3. DHCP snooping
10-18-2011 12:21 AM
Thank you, these are good tips, will implement it.
Any more tips?
10-18-2011 10:38 AM
PVLANs combined with ACLs are also an option. DHCP snooping & DAI would be added security.
HTH
Samir
10-18-2011 02:53 AM
Hi perpaal!
4. Configure VACL and apply it to a VLAN.
5. Allow VLANs which are assigned by you or someone for your WAN/LAN.
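
An added example, not written by any poster in this thread: the access-port controls suggested above (BPDU guard, port security limited to one MAC, DHCP snooping, IP source guard, DAI) in Catalyst IOS syntax. VLAN 10, the interface numbers, the ARP ACL name and the static client's MAC/IP are constructed placeholders, and exact syntax varies by platform and IOS release.

```cisco
! --- Global: enable DHCP snooping and DAI on the client VLAN (VLAN 10 is a placeholder)
ip dhcp snooping
ip dhcp snooping vlan 10
ip arp inspection vlan 10
!
! --- Static-IP client: no DHCP lease exists, so add the bindings by hand.
! --- IP source guard uses the static source binding; DAI uses the ARP ACL.
ip source binding 0000.5e00.5301 vlan 10 192.0.2.10 interface GigabitEthernet1/0/6
arp access-list STATIC-CLIENTS
 permit ip host 192.0.2.10 mac host 0000.5e00.5301
ip arp inspection filter STATIC-CLIENTS vlan 10
!
! --- Uplink toward the DHCP server: the only trusted port
interface GigabitEthernet1/0/1
 description Uplink (trusted)
 ip dhcp snooping trust
 ip arp inspection trust
!
! --- Client port, address learned through DHCP
interface GigabitEthernet1/0/5
 description DHCP client
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 spanning-tree bpduguard enable
 ip verify source
!
! --- Client port, static address (matched against the manual binding above)
interface GigabitEthernet1/0/6
 description Static-IP client
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 spanning-tree bpduguard enable
 ip verify source
```

Client ports stay untrusted by default, so DHCP server replies and ARP packets without a matching binding are dropped there. `show ip dhcp snooping binding` and `show ip verify source` display the bindings in effect.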