08-26-2013 12:34 AM - edited 03-04-2019 08:52 PM
I have connected around 30 servers to 2 Cisco 2950 switches. The switches are connected to a MikroTik router. I am doing BGP with a /24 IP address block provided by APNIC. I have enabled DHCP on the router so that each server can get an IP automatically. Some of the clients have additional IP addresses too; they are configured manually. Now how can I protect IP addresses from being stolen by clients? Someone suggested that I configure an ACL so that no IPs can be "stolen". A client can access only the IPs allowed to them on the switch.
So please give me an example of how to configure it, if my address block is xxx.yyy.zzz.0/24.
Thanks in advance.
08-26-2013 03:41 AM
Hi Santu,
Can you put client and server in different VLAN?
HTH,
Lei Tian
Sent from Cisco Technical Support iPhone App
08-26-2013 04:14 AM
I don't want to use VLANs as it's a waste of IP addresses; I have only a /24 IP block.
08-26-2013 03:43 AM
There are two ways to achieve it, but the first and better way is only available on newer switches.
1) Using DHCP-Snooping and IP Source-Guard
The switch monitors the DHCP communication from the client to the server and limits the communication to only that IP that was assigned by the DHCP server. Additional IPs can be configured manually. These functions add some more security measures that are very useful in environments with untrusted clients. So if there is a chance to upgrade your switch to at least a 2960, then go for it.
2) Using port-ACLs where only the IP of the server is allowed as a source. That could look like the following and works also with older switches:
ip access-list standard Server1
 permit host 10.10.10.1
ip access-list standard Server2
 permit host 10.10.10.11
 permit host 10.10.10.12
!
interface fast 0/1
 description Server1
 ip access-group Server1 in
interface fast 0/2
 description Server2
 ip access-group Server2 in
--
Don't stop after you've improved your network! Improve the world by lending money to the working poor:
http://www.kiva.org/invitedby/karsteni
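One way to produce the port ACLs from option 2 for every server port from a single allocation table, as an added example that is not part of the original posts. The function name `build_port_acls`, the interface names and the 192.0.2.0/24 documentation prefix are assumptions; the script rejects an address that lies outside the block or is assigned to two ports before it emits any config.

```python
import ipaddress

def build_port_acls(block, ports):
    """Return IOS config lines: one standard ACL per port, applied inbound.

    block -- the routed prefix, e.g. "192.0.2.0/24"
    ports -- {interface: (acl_name, [allowed source IPs])}
    Raises ValueError if a port has no addresses, or an address is outside
    the block, is its network/broadcast address, or is listed on two ports.
    """
    net = ipaddress.ip_network(block)
    owner = {}            # ip -> interface that already claimed it
    acls, ifaces = [], []
    for iface, (name, addrs) in ports.items():
        if not addrs:
            raise ValueError(f"{iface}: no addresses listed for {name}")
        acls.append(f"ip access-list standard {name}")
        for raw in addrs:
            ip = ipaddress.ip_address(raw)
            if ip not in net or ip in (net.network_address, net.broadcast_address):
                raise ValueError(f"{iface}: {ip} is not a usable host in {net}")
            if ip in owner:
                raise ValueError(f"{ip} assigned to both {owner[ip]} and {iface}")
            owner[ip] = iface
            acls.append(f" permit host {ip}")
        ifaces += [f"interface {iface}",
                   f" description {name}",
                   f" ip access-group {name} in"]
    return acls + ["!"] + ifaces

# Constructed allocation table (documentation prefix, not the poster's block).
SAMPLE = {
    "FastEthernet0/1": ("Server1", ["192.0.2.10"]),
    "FastEthernet0/2": ("Server2", ["192.0.2.11", "192.0.2.12"]),
}

if __name__ == "__main__":
    print("\n".join(build_port_acls("192.0.2.0/24", SAMPLE)))
```

A standard ACL of this form matches on source address only, so a DHCPDISCOVER sent from 0.0.0.0 on such a port is not matched by any `permit host` entry and falls to the implicit deny.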