cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
Join Customer Connection to register!
376
Views
5
Helpful
4
Replies
perpaal
Beginner

Client directly connected to switch port

Hi

I will be connecting some clients directly to switchports.

But I`m really sceptical to do this, as it may create problems in my network.

The clients will connect to client VLANs with /25 mask, and use public IPs through DHCP or static IP.

I`m planning on using IP source guard for the clients with static IPs and DHCP snooping for the DHCP clients.

What more restrictions should I put on the interfaces/VLANs to  make this as lttle painfull as possible?

4 REPLIES 4
Leo Laohoo
VIP Community Legend

1.  spanning-tree bpduguard enable

2.  MAC security limit to one MAC address

3.  DHCP snooping

Thank you, these are good tips, will iplement it.

Any more tips?

PVLANs combined with ACLs are also an option. DHCP snooping & DAI would be added security.

HTH

Samir

Sent from Cisco Technical Support iPad App

microfeel
Beginner

Hi perpaal!

4. Configure VACL and apply it to a VLAN.

5. Allow VLANs wich are assigned by you or someone for your WAN/LAN.