Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 
cancel
Start a conversation
2751
Views
0
Helpful
4
Replies

MAC binding

Go to solution
Bikas Giri
Level 1
Level 1

ā€Ž09-24-2011 01:18 PM - edited ā€Ž03-07-2019 02:25 AM

Hi,

I have got only one catalyst 2960 series switch. I have connected different computers/laptops through this switch. I am facing a problem  of ip conflict as the user themselves changes the IP address. For the control of this I can segregate the network by giving one different port of manageable switch to different department. For example I can connect all the computers of account department to a normal switch and the normal switch to an specific port of manageable switch so that I can apply access-list, giving the access to specific ip address through this port. And giving the other port like this to other departments. This can reduce my existing problem. But, for some departments there may be more than 50 computers and the problem rises over here.

Now for this I am looking for the command which can bind ip address and a mac address of a computer, eg. 50 computers ip address binding to each computers mac address by using only one port of manageable switch. Is this possible or not or do I have to assign a single port for a single computer. If so I have to invest a lot of money.

Can anybody suggest me better idea.

With best regards,

Bikas

Labels:
0 Helpful
2 Accepted Solutions

Accepted Solutions

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Bikas Giri

ā€Ž09-24-2011 07:57 PM

Hi,

There should not be any conflict even if you have more then 50 computers as long as you have enough IPs

example

vlan 10

ip address 192.168.10.1/24

desc department-A

vlan 20

ip address 192.1168.20.1/24

desc department-B

HTH

View solution in original post

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Reza Sharifi

ā€Ž09-24-2011 11:53 PM

Hi,

I think you could use the DHCP snooping + IP source guard feature to prevent users from changing their IPs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_52_se/configuration/guide/swdhcp82.html

Don't forget to rate helpful posts.

View solution in original post

0 Helpful
4 Replies 4

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame

ā€Ž09-24-2011 01:56 PM

Hi,

Why don't you put different department in different vlans and restrict the vlans by using ACLs. Also, restrict the users from having admin right to the PCs, so they can't change their IPs.

HTH

0 Helpful

Go to solution
Bikas Giri
Level 1
Level 1
In response to Reza Sharifi

ā€Ž09-24-2011 06:56 PM

Hi,

Its a good idea to give different vlan to each departments. But, some departments have got more than 50 computer and it will be hard to manage conflict. I am compelled to give admin right to most of the PCs. So, is there any other idea so that I can bind ip to mac address.

With best regards,

Bikas

0 Helpful

Go to solution
Reza Sharifi
Hall of Fame
Hall of Fame
In response to Bikas Giri

ā€Ž09-24-2011 07:57 PM

Hi,

There should not be any conflict even if you have more then 50 computers as long as you have enough IPs

example

vlan 10

ip address 192.168.10.1/24

desc department-A

vlan 20

ip address 192.1168.20.1/24

desc department-B

HTH

0 Helpful

Go to solution
cadet alain
VIP Alumni
VIP Alumni
In response to Reza Sharifi

ā€Ž09-24-2011 11:53 PM

Hi,

I think you could use the DHCP snooping + IP source guard feature to prevent users from changing their IPs.

http://www.cisco.com/en/US/docs/switches/lan/catalyst2960/software/release/12.2_52_se/configuration/guide/swdhcp82.html

Don't forget to rate helpful posts.
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card