09-26-2011 03:29 AM - edited 03-07-2019 02:26 AM
Hi,
I have an issue here.
I have two WiFis connected to a C3750 switch at ports 17 & 18; this switch is connected to a router.
My requirement:
1. I want WiFi access for a few laptops in my network, say 40 laptops, MAC-based.
2. Even if a person assigns a static IP, he should not connect to the internet, or the traffic at least should not go out of port 24, where the router is connected.
I made the switch my DHCP server and excluded all IPs except these 4 IPs:
1. An IP of VLAN 101, 10.10.30.1
2. IPs of the two access points, 10.10.30.2 and 10.10.30.3
3. An IP assigned to the MAC of user SRI, 10.10.30.4
so # ip dhcp excluded-add 10.10.30.5 10.10.30.255
Issue facing:
1. If I give a static IP on my laptop, say 10.10.30.6/24, I can still access the internet. How is this happening?
2. I have given the MAC-based IP in the DHCP server. If I take a laptop whose MAC address is not listed in the DHCP pool, how could I connect to the internet with the static IP assigned as above?
3. I have disabled the DHCP service, cleared the MAC tables, and cleared the DHCP bindings, but a static IP assignment on any laptop is still connecting to the internet.
My final requirement:
1. Only listed MAC IDs should connect to the internet. How should I do this?
2. Only MAC IDs listed in the pool of the DHCP server should connect to the internet. A static IP assignment from any other laptop shouldn't access the internet.
3. Can I use any MAC-based access list here, so that I can allow the traffic of selected MACs to go out of interface 24, or per VLAN interface?
Here is my config, attached as a file.
09-26-2011 03:43 AM
Hi,
A MAC ACL will only have an effect on non-IP traffic, so it shall not work.
So you want clients not to put a static IP but to get an IP from DHCP?
If so, DHCP snooping + the IP Source Guard feature will do the trick.
Regards.
Alain.
09-26-2011 03:52 AM
Hi, I am using the switch as my DHCP server.
I think DHCP snooping can't be enabled here, right?
If I can enable it, can you show a short configuration on how to prevent clients from accessing the internet with a static assignment?
Regards
Srikanth
09-26-2011 05:43 AM
Hi, can anyone please help me out?
regards
srikanth
09-26-2011 06:17 AM
Hi,
1) enable dhcp snooping globally:
- ip dhcp snooping
2) enable dhcp snooping for a particular vlan:
- ip dhcp snooping vlan X
By default all interfaces will be in the untrusted state, but as it is your dhcp server you don't need to put any interface in trust state.
3) enable ip source guard per interface:
- ip verify source
Regards.
Alain.
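The three steps from the reply above, collected into one configuration with verification commands. This is an added example, not part of the original thread or the poster's attached config. It assumes VLAN 101 is the wireless VLAN, that ports 17 and 18 are named GigabitEthernet1/0/17 and 1/0/18 (naming varies by 3750 model), and that the access points are statically addressed; the AP MAC addresses are placeholders.

```cisco
! Added example. Interface names and MAC addresses are assumptions/placeholders.
configure terminal
 !
 ! Steps 1 and 2: snooping builds the MAC/IP/port binding table from DHCP leases.
 ip dhcp snooping
 ip dhcp snooping vlan 101
 !
 ! Devices with a static address never appear in the snooping table, so
 ! source guard would drop them. Add a manual binding for each AP first.
 ! Replace the placeholder MACs with the real AP addresses.
 ip source binding 0000.0000.0001 vlan 101 10.10.30.2 interface GigabitEthernet1/0/17
 ip source binding 0000.0000.0002 vlan 101 10.10.30.3 interface GigabitEthernet1/0/18
 !
 ! Step 3: on the AP-facing ports, drop IP traffic whose source address
 ! has no binding (for example a laptop configured as 10.10.30.6).
 interface range GigabitEthernet1/0/17 - 18
  ip verify source
 end
!
! Verification:
! leases learned by snooping
show ip dhcp snooping binding
! per-port filter state and the addresses currently permitted
show ip verify source
! snooped and manual bindings together
show ip source binding
```

A laptop that sets 10.10.30.6 by hand should not show up in `show ip dhcp snooping binding`, and its traffic entering port 17 or 18 should be dropped before it reaches port 24.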