cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
111
Views
0
Helpful
2
Replies
Highlighted
Beginner

Access List for PC to Server?

Here's the issue. I'm trying to only allow traffic between one PC and a server. Both PC and server are connected to Layer 3 switches. 

This would be simple if the PC had a static IP address.  I could do a simple extended ip access list  permitting only traffic between the PC and the server. 

However, the catch is, the PC is on DHCP.. So as soon as it changes IP address, it will lose all connectivity to the server.. 

I looked into using the PC's hostname in the ACL, but as soon I enter the hostname on the switch, it translates it to the IP address in DNS, and that is what the config uses (which completely defeats the purpose).

I also tried doing a mac-address access-list, but that will not work when applying it on the IP interface the server is connected to (which also defeats the purpose).

Is there any other option here I'm not thinking of?

2 REPLIES 2
Highlighted
Hall of Fame Guru

As long as the PC is dynamically receiving an IP address it will be difficult to restrict access. One option to consider would be to create a static assignment/reservation in DHCP so that the PC uses DHCP to obtain an address and always receives the same assigned address.

HTH

Rick

HTH

Rick
Highlighted

Bummer, yeah I was kind of afraid of that. I'm trying to avoid making any changes to DHCP etc. as around here, that is a process that can take weeks or even months to go through. But it may be the only choice, unless I simply setup a static IP on the client PC. However, this would cause another issue if the user wants to check the server from home over VPN, since he'd then be on a different IP.. 

Cisco ACL's are great, but there's always a catch with them..  Thanks for the reply. 

Content for Community-Ad