Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1147
Views
5
Helpful
4
Replies

IP ADDRESSING

Go to solution
mdmaqdoom
Level 1
Level 1

‎09-23-2019 04:43 AM

I  want to block some ip on my network, 

this IP are primary IP in my Network (Some Devices has a default IP's i have many vendor devices that has same IP binded i want to Block on my network) 

One Devices is connected on FA2/5 (IE 115 Switch ) other devices is connected on 2960X (Gi1/2/20)

kindly please suggest the command (it can done by IP access list) please give the complete command 

 

thanks 

Maqdoom.M

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎09-23-2019 05:10 AM

Hi there,

I suggest you look at DHCP snooping and IP Source Guard. 

Assuming all of your devices use DHCP; dynamic allocation or static assignment, then any device which appears on the network trying to use an address not received from your DHCP server will have its traffic discarded.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01101.html

 

cheers,

Seb.

View solution in original post

4 Replies 4

Go to solution
Seb Rupik
VIP Alumni
VIP Alumni

‎09-23-2019 05:10 AM

Hi there,

I suggest you look at DHCP snooping and IP Source Guard. 

Assuming all of your devices use DHCP; dynamic allocation or static assignment, then any device which appears on the network trying to use an address not received from your DHCP server will have its traffic discarded.

 

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3850/software/release/3se/security/configuration_guide/b_sec_3se_3850_cg/b_sec_3se_3850_cg_chapter_01101.html

 

cheers,

Seb.

Go to solution
Martin L
VIP
VIP
In response to Seb Rupik

‎09-23-2019 07:28 AM


i like that idea; DHCP snooping and IP Source Guard, plus possible to add ARP inspection
kudos!
0 Helpful

Go to solution
mdmaqdoom
Level 1
Level 1
In response to Seb Rupik

‎09-23-2019 07:30 AM

Can do some with ip access list 

plz suggest I wo not have any dhcp on my network only I have two swithces interface from where my vendor IP are connected I need to block this ip

0 Helpful

Go to solution
mdmaqdoom
Level 1
Level 1
In response to mdmaqdoom

‎09-23-2019 07:52 AM

I was doing as per your suggestion but on the same interface I have two ip one Mac I cannot block the mac but only the bindded ip of vendor specified 
this also I can achieve On firewall or router by doing NAT but cannot afford the router for one ip devices 

any alternate plz suggest 

 

regards 

maqdoom 

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card