IP binding

Hi all,

I would like to know about setting up management access to network infrastructure devices.

Using my home test network, I have my Cisco router and my switch on the same management subnet.

For convenience, I want to block management access from all but my Android phone (running an SSH client) and my laptop, both connected via a WiFi access point plugged into the router and on a home appliance / wireless access VLAN.

Should I do this by binding the router leased IP addresses for these devices to their MAC address so I know their IP won't change, and then add these IPs to a permit ACL?

I know this isn't going to be best practice, but is this the way to achieve what I would like, or is there a better way?

Also in general, when should you bind IP to MAC and when should you manually give a device a static IP?

Thanks.

VIP Expert

IP binding

Hi,

If you want only a certain IP range to access the network devices, then you can simply allow that subnet.

In this example, your phone, laptop and WiFi are all in the 192.168.1.0 subnet.

Create the access list:

access-list 50 permit 192.168.1.0 0.0.0.255

then apply it to the vty line:

line vty 0 4
 access-class 50 in

and test.

HTH

IP binding

Thanks for the reply, but that would only block access to the management of the router, and not the other devices in the management vlan.

VIP Expert

IP binding

You can apply the access list per host if you don't want to allow everything in that subnet. For example, the access list below allows access from hosts 192.168.1.15, 16, 17 and nothing else.

access-list 50 permit host 192.168.1.15
access-list 50 permit host 192.168.1.16
access-list 50 permit host 192.168.1.17

and so on.....

HTH

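
A per-host list like the one above only restricts a device whose VTY lines actually reference it, so each device in the management VLAN has to be checked separately. The following Python check is an added example, not code from the thread or from Cisco: it reads saved configs and reports VTY lines with no inbound `access-class`, or with an ACL that permits a range or an unexpected host. The sample configs, the `audit` function name and the allowed-host set are constructed for illustration.

```python
import re

# Constructed sample configs (not from the thread), one per managed device.
SAMPLE_CONFIGS = {
    "router": """\
access-list 50 permit host 192.168.1.15
access-list 50 permit host 192.168.1.16
line vty 0 4
 access-class 50 in
""",
    "switch": """\
access-list 50 permit 192.168.1.0 0.0.0.255
line vty 0 4
 access-class 50 in
line vty 5 15
 transport input ssh
""",
}
ACL_RE = re.compile(r"^access-list (\d+) permit (host \S+|any|\S+(?: \S+)?)\s*$")
CLASS_RE = re.compile(r"^\s+access-class (\d+) in\b")

def audit(config, allowed_hosts):
    """Return findings for VTY lines whose inbound ACL is missing or too broad."""
    acls, vty, current = {}, {}, None   # ACL number -> targets; vty line -> ACL number
    for line in config.splitlines():
        if m := ACL_RE.match(line):
            acls.setdefault(m.group(1), []).append(m.group(2))
        elif line.startswith("line vty"):
            current = line.strip()
            vty[current] = None
        elif not line.startswith(" "):
            current = None               # left the vty block
        elif current and (m := CLASS_RE.match(line)):
            vty[current] = m.group(1)
    findings = []
    for name, acl in vty.items():
        if acl is None:
            findings.append(f"{name}: no inbound access-class")
        elif acl not in acls:
            findings.append(f"{name}: ACL {acl} is not defined in this config")
        for target in acls.get(acl, []):
            parts = target.split()
            if parts[0] == "host" or (len(parts) == 1 and target != "any"):
                if parts[-1] not in allowed_hosts:
                    findings.append(f"{name}: ACL {acl} permits unexpected host {parts[-1]}")
            else:
                findings.append(f"{name}: ACL {acl} permits a range ({target})")
    return findings

if __name__ == "__main__":
    allowed = {"192.168.1.15", "192.168.1.16", "192.168.1.17"}
    for device, cfg in SAMPLE_CONFIGS.items():
        print(device, audit(cfg, allowed) or "OK")
```
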

IP binding

I'm not sure you understand me.

I want to control access to all devices in the management vlan, not just the Cisco router.
