cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

351
Views
0
Helpful
4
Replies

Layer 2 security

Need to prevent unauthorized users from getting IP address from DHCP when connected to our wired network.

In few remote sites we run DHCP for voice & data in the router where only limited users (around 30)are operating. We dont have IT assistance in those sites.

Our business is automotive and we let customers/users to our premise. We need to block the unauthorized user from using our network.

Any configuration can be done in the cisco access switch level?

Thanks in advance...

4 REPLIES 4
VIP Expert

Layer 2 security

Hi,

You can try deploying DHCP snooping.

here is a link for your reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf

HTH

Advisor

Layer 2 security

Hi Reza,

I don't think DHCP snooping could prevent users from getting an address from the server  as its goal is to prevent unauthorized DHCP servers and eventually rate)limit the client requests.

I think that dot1x should be more appropriate for this case.

Regards.

Alain

Don't forget to rate helpful posts.

Layer 2 security

Hi Alain,

I beleive that is the best option for which we require an authentication server. Any other possibility without the AAA server.

Reagrds,

Raffi...

Highlighted
Enthusiast

Re: Layer 2 security

you can enable port security on switch port and limit it to only one approved mac address

Sent from Cisco Technical Support iPad App

CreatePlease to create content
Content for Community-Ad
July's Community Spotlight Awards