cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

48
Views
0
Helpful
0
Replies
Beginner

Prevent customer accidentally assigning the default gateway to their router....

We are an ISP and deliver our service to customers over Cisco switches (2960S, 2960X, 2960CG etc) providing an internet VLAN access port for them to connect their router/firewall.

All IP addresses are statically assigned from shared subnets (to save IP wastage and allow expansion should a client require additional IP addresses at a later date) and we want to protect against the possibility of a customer adding an IP address they should not be using, and even more critical stop them being able to accidentally adding the default gateway as their own IP address - which has happened a few times.

We have been testing various options and Dynamic Arp Inspection, along with IP source bindings, works perfectly if the customer only has one IP address.  However, if a customer has additional IP addresses presented on their firewall then they all have the same MAC address and we can only add one ip to a MAC address binding.

Has anyone managed to overcome this or can think of another way to mitigate against this problem?

Thanks

Paolo

Everyone's tags (1)
CreatePlease to create content
Content for Community-Ad
FusionCharts will render here