Denying Static IP hosts from gaining Access To Network

ajlouni4ever · ‎04-30-2013

Hi Everybody,

I am new to networking and I am trying to block any device with a static IP from accessing the network and the internet. The network is a camp network where I have the Bandwidth Splitter installed on the TMG. the server is Windows 2008 R2, the Bsplitter will assign a trafic qouta per IP address on the network. I have DHCP service alos running on the camp server with reservation implemented. However, some smart users are going around this by changing their IP address on thier personal computers or smart phones and therefore consuming others trafic qouta.

The network is like this:

h1-------sw2----------sw1 -------server

h2-------sw3----------sw1--------server

where h1 and h2 are examples of personal computers

sw2 and sw3 are intermediate switches all connected to the main switch (sw1). sw1 is connected to the server.

sw1, sw2 and sw3 are all Cisco small business SF300- 24P

I read about the use of ARP command coupled with an ACL but static IPs are still able to access the network.

Could anyone please write a complete code or if anyone has a different approach to solve the issue will be much appreciated ?

Thanks,

Mohammad

cadet alain · ‎04-30-2013

Hi,

You should implement DHCP snooping and IP Source guard to prevent users with static IPs to communicate.

Don't forget to add static entries for legitimate hosts with static entries like servers.

http://www.cisco.com/en/US/prod/collateral/switches/ps5718/ps10898/data_sheet_c78-610061.html

Regards

Alain

Don't forget to rate helpful posts.