Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
586
Views
5
Helpful
4
Replies

Client directly connected to switch port

perpaal
Level 1
Level 1

‎10-17-2011 11:28 AM - edited ‎03-04-2019 01:57 PM

Hi

I will be connecting some clients directly to switchports.

But I`m really sceptical to do this, as it may create problems in my network.

The clients will connect to client VLANs with /25 mask, and use public IPs through DHCP or static IP.

I`m planning on using IP source guard for the clients with static IPs and DHCP snooping for the DHCP clients.

What more restrictions should I put on the interfaces/VLANs to  make this as lttle painfull as possible?

Labels:
0 Helpful
4 Replies 4

Leo Laohoo
Hall of Fame
Hall of Fame

‎10-17-2011 02:15 PM

1.  spanning-tree bpduguard enable

2.  MAC security limit to one MAC address

3.  DHCP snooping

perpaal
Level 1
Level 1
In response to Leo Laohoo

‎10-18-2011 12:21 AM

Thank you, these are good tips, will iplement it.

Any more tips?

0 Helpful

cisco_lad2004
Level 5
Level 5
In response to perpaal

‎10-18-2011 10:38 AM

PVLANs combined with ACLs are also an option. DHCP snooping & DAI would be added security.

HTH

Samir

Sent from Cisco Technical Support iPad App

0 Helpful

microfeel
Level 1
Level 1

‎10-18-2011 02:53 AM

Hi perpaal!

4. Configure VACL and apply it to a VLAN.

5. Allow VLANs wich are assigned by you or someone for your WAN/LAN.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card