Blocking an IP (and ARP requests) for one Port.

ChristophV
Level 1

Hi,

I have the following situation. 

I have an SG300-10 with

Port 1-8 being used for computers, 
Port 9 is going to the Router 192.168.7.x
Port 10 is going to a neighbor 192.168.7.x (a) to join networks and (b) as a backup internet

We made sure our addresses are completely disjunct, except for the router 192.168.7.1

The Plan is this: On Port 10 block all communication to the router, so all machines can communicate, but each side has their own ISP.

If the ISP on Port 9 fails, then the cable from Port 10 is simply put in port 9 and done :-)


In theory I like this idea, but in practice I don't know how to do this, as blocking the IP or MAC Address is not enough. The ARP resolution is telling machines on Port 10 that it has the device reacting to 192.168.7.1 but is then of course blocking all communication.

How can I make sure Port 10 gives no ARP answer for 192.168.9.1 while all other ports do?

Or is there a different solution for my endeavor? (The routers both don't support VLANs)

All the best

    Christoph

3 Replies

Philip D'Ath
VIP Alumni

This is going to crash and burn.

First you and your neighbour will both have routers doing DHCP, so clients will get addresses from either device, and potentially generate IP address conflicts.

You could give up on DHCP, and completely statically configure your hosts, but if your default gateways are the same, to allow a simple cable swap, then you are going to have a conflict with the default gateway.

You need layer 3 devices to stand a chance of making this work, and your routers are not capable of vlaning.

Hi,

I have all other problems solved, DHCP is blocked so it works nicely in all subnets and I could even block the traffic.

The only worry left is to block the ARP requests on one port.
The Cisco switch is giving out itself as target and naming the MAC address for the IP, if I could avoid this then everything would work :-)

So close :-) 

Maybe I should buy a second switch that simply fully blocks this ARP request on the one side, then it would work. The only downside is it's another 160€ and seems unnecessary, just because ARP requests cannot be port specific :-)
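
As an added illustration (not part of any post in this thread, and not SG300 configuration): a per-port filter of the kind the question asks for has to look inside the ARP payload, because ARP frames carry EtherType 0x0806 and no IP header for an IP rule to match. The Python sketch below models that decision; port 10 and 192.168.7.1 come from the thread, while the MAC addresses, host addresses and function names are constructed for the example.

```python
import ipaddress
import struct

ETHERTYPE_ARP, ETHERTYPE_IPV4 = 0x0806, 0x0800

def build_arp(op, sha, spa, tha, tpa, dst=b"\xff" * 6):
    """Build an untagged Ethernet frame carrying an IPv4-over-Ethernet ARP packet."""
    eth = dst + sha + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, ETHERTYPE_IPV4, 6, 4, op)
    arp += sha + ipaddress.IPv4Address(spa).packed   # sender MAC / sender IP
    arp += tha + ipaddress.IPv4Address(tpa).packed   # target MAC / target IP
    return eth + arp

def parse_arp(frame):
    """Return (op, sender_ip, target_ip) for an untagged ARP frame, else None."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, ETHERTYPE_IPV4, 6, 4):
        return None
    spa = str(ipaddress.IPv4Address(frame[28:32]))   # sender protocol address
    tpa = str(ipaddress.IPv4Address(frame[38:42]))   # target protocol address
    return op, spa, tpa

def forward(frame, port, blocked_port, gateway_ip):
    """Decide whether a frame crossing `port` (either direction) is forwarded.

    Only ARP is judged here; IP traffic is assumed to be handled by a
    separate rule, as described in the thread.
    """
    arp = parse_arp(frame)
    if arp is None or port != blocked_port:
        return True
    _, spa, tpa = arp
    # Drop requests asking for the gateway (tpa) and any ARP packet
    # announcing the gateway as sender (spa) on the blocked port.
    return gateway_ip not in (spa, tpa)

if __name__ == "__main__":
    host_mac = bytes.fromhex("020000000050")          # constructed MAC
    req = build_arp(1, host_mac, "192.168.7.50", b"\x00" * 6, "192.168.7.1")
    for port in (3, 10):
        print(port, forward(req, port, 10, "192.168.7.1"))
```
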