Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1487
Views
0
Helpful
6
Replies

DHCP IP to MAC Binding & Security

Hamidsattarrana
Level 1
Level 1

‎09-11-2020 03:57 AM - edited ‎09-11-2020 04:16 AM

Dear All,

I hope you guys are well.

I  have configured IP to MAC and binding on Cisco 3845 Series Router. It is working fine.

But the thing is that I do not want anyone to get an IP address from the same DHCP server? If there MAC address is not binded with IP address.

Need suggestion.

 

 

Labels:
0 Helpful
6 Replies 6

marce1000
VIP
VIP

‎09-11-2020 04:26 AM

 

- That sounds a bit contradictory , isn't the purpose of DHCP to provide ip address(es) ?

 M.



-- Each morning when I wake up and look into the mirror I always say ' Why am I so brilliant ? '
    When the mirror will then always repond to me with ' The only thing that exceeds your brilliance is your beauty! '
0 Helpful

Hamidsattarrana
Level 1
Level 1
In response to marce1000

‎09-11-2020 05:43 AM

Yes it is. But I want DHCP server to assign IP addresses to only those devices whose mac addresses are binded.

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎09-11-2020 07:45 AM

in that case make sure you reserv all the IP address - not to open pool for general allocation, add static reservation, so no IP address allocated not listed in theDHCP. is this make sense ?

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful

paul driver
VIP
VIP

‎09-11-2020 04:57 PM

Hello

The dhcp snooping binding database gets populated from dhcp allocations from the dhcp server, what you can do is to incorporate Dynamic Arp Inspection (DAI) (with or without the snooping enabled or Ip Source Guard (IPSG)  with the latter being able to filter on either just ip address or ip address and mac address but requiring the dhcp snooping being enabled.

If then a host ip/mac entry populated in the snooping database and being used by either DAI or IPSG  or just an DAI access doesn't have a correct binding then communication is dropped. 


Please rate and mark as an accepted solution if you have found any of the information provided useful.
This then could assist others on these forums to find a valuable answer and broadens the community’s global network.

Kind Regards
Paul
0 Helpful

Georg Pauwen
VIP
VIP

‎09-12-2020 12:05 AM

Hello,

 

how did you bind the MAC addresses to IP addresses ? Using static reservations such as the ones below ?

 

ip dhcp pool HOST_1

host 192.168.1.2 255.255.255.0

client-identifier 01c4.09ab.dfe2.c0

 

ip dhcp pool HOST_2

host 192.168.1.3 255.255.255.0

hardware-address c409.abdf.e2c0

 

0 Helpful

Hamidsattarrana
Level 1
Level 1
In response to Georg Pauwen

‎10-27-2020 09:55 PM

Hi!

I have used the following method.

 

ip dhcp pool HOST_1

host 192.168.1.2 255.255.255.0

client-identifier 01c4.09ab.dfe2.c0

 

Is it okay?

 

 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card