Binding of IP to MAC in a Vlan?

rite2anil
Level 1

Hi All,

I have a Cisco 4507 with a Sup II engine. I want to bind the host IP address with its MAC address in a particular VLAN. How is it possible? My intention is to prevent IP address collapse in the VLAN.

Anil k

Accepted Solution

Richard Michael
Cisco Employee

Hello,

There are multiple ways to achieve this. Doing a static configuration in the switch with the MAC address and host IP address is one way. You can prevent IP address collapse with the IPSG/PACL features.

IP Source Guard (IPSG) as implemented on the Cat 4000 today has some limitations. The IP Source Guard feature uses only the IP address / MAC address bindings created by DHCP snooping or by static configuration at the switch to disallow traffic from an IP address that does not have an entry in the DHCP snooping table. It cannot learn the IP address/MAC address binding automatically in a non-DHCP (or mixed) environment. It does not support restricting the number of hosts allowed on the port either.

Some of our customers have mixed environments. They want to use the combination of the MAC and IP address binding to uniquely identify a host and then allow the users to configure the number of such bindings in order to restrict the number of hosts allowed on the port. The customers also have a large number of static IP addresses. Therefore managing these IP addresses manually by configuring IP+MAC bindings on ports is not a scalable option, especially when customers have more than 100 thousand such IP addresses. So it is also desired to allow the switch to dynamically learn the IP addresses of the hosts connected on a port in a mixed environment.

IP Port Security addresses the above-mentioned issues by allowing IP address/MAC address bindings to be learned dynamically through ACL-based snooping. IP Port Security also gives users the capability to restrict the number of IP addresses allowed on an L2 port. Once the number of IP addresses which have been learned or configured on a given port reaches the limit, any packet with a new IP address detected on that port is dropped in hardware. The IP Port Security feature leverages the existing IP device tracking functionality to age out dynamically learned IP address bindings. Manual mapping will prevent IP address collapse, and port security would safeguard your network from malicious attacks.

See the link below to learn more about the port security features:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.2/25sg/configuration/guide/port_sec.html

Thanks,

Ricky Micky

*Pls rate useful posts


3 Replies


ohassairi
Level 5

You can use ARP inspection. Below is an example:

http://hassairi.50megs.com/sw.html#arpi

Hope this helps.
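As an added illustration (not configuration posted by either reply), the following Catalyst 4500 IOS snippet combines the three mechanisms the replies name: a static IP/MAC binding, IP Source Guard on the access port, and Dynamic ARP Inspection. The VLAN number, interface names, host address 192.0.2.10 and MAC 0011.2233.4455 are constructed placeholders.

```cisco
! Added example, not from the thread. Assumes host 192.0.2.10 with MAC
! 0011.2233.4455 sits on Gi1/1 in VLAN 10 and the uplink/DHCP server is
! behind Gi1/48. All of these values are placeholders.

! --- DHCP snooping owns the binding table that IPSG and DAI consult
ip dhcp snooping
ip dhcp snooping vlan 10

! --- Static IP-to-MAC binding for a host with a fixed (non-DHCP) address
ip source binding 0011.2233.4455 vlan 10 192.0.2.10 interface GigabitEthernet1/1

! --- Dynamic ARP Inspection: check ARP sender IP/MAC against the same pairing
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.10 mac host 0011.2233.4455
ip arp inspection vlan 10
! With "static", ARP packets not matched by the ACL are dropped instead of
! being checked against the DHCP snooping table; omit it for mixed VLANs.
ip arp inspection filter STATIC-HOSTS vlan 10 static

! --- Access port: drop IP traffic whose source IP/MAC has no binding
interface GigabitEthernet1/1
 switchport mode access
 switchport access vlan 10
 switchport port-security
 ip verify source vlan dhcp-snooping port-security

! --- Uplink toward the DHCP server: trusted, so it is not filtered
interface GigabitEthernet1/48
 ip dhcp snooping trust
 ip arp inspection trust

! --- Verification commands
! show ip source binding
! show ip verify source
! show ip arp inspection vlan 10
```

Test the binding before rolling it out: a host on Gi1/1 that changes its address to one outside the binding should lose connectivity, and `show ip arp inspection vlan 10` should show its ARP drops counting up.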

rite2anil
Level 1

Hi Ricky,

Thanks for the support.

Anil K.