cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

Community Helping Community

241
Views
0
Helpful
5
Replies

Restrict port to specific range of IP addresses?

All my access switches are 2960X, and I'd like to restrict all the ports to only allow IP addresses in a specific range to connect to the port. I want this to insure only IPs in the client range can actually be on those ports.

I'm planning on also configuring IP Source Guard, but that won't protect against someone manually changing the IP addresses on the client to something outside the allowed client range.

I'm pretty sure this can be done, but so far I haven't been able to find out ho

5 REPLIES 5
Collaborator

Re: Restrict port to specific range of IP addresses?

 

 - Note that switch-ports basically handle layer 2 traffic which they can perfectly do from a device that doesn't even have an IP address. In this the usual debate arises from controller network management versus I-don't-know-what-is-going-on. Personally I prefer the first approach implemented through well configured DHCP servers (e.g.) , so that you question 'becomes no longer needed'.

 M.

Beginner

Re: Restrict port to specific range of IP addresses?

Hi,

 

Dynamic ARP inspection which relies on DHCP snooping building database with bindings mac to ip addresses. So if user will change his ip address switch will drop those packets because bindings in DHCP snooping database will not match.

 

 

VIP Advisor

Re: Restrict port to specific range of IP addresses?

Hello


@donohoecompanies wrote:

All my access switches are 2960X, and I'd like to restrict all the ports to only allow IP addresses in a specific range to connect to the port. I want this to insure only IPs in the client range can actually be on those ports.

Just to clarify and if possible elaborate?
 Do you mean these ports are able to reach this specific ip range or these ports are allowcated ip addressing from a specific ip range?

 



kind regards
Paul

Please rate and mark posts accordingly if you have found any of the information provided useful.
It will hopefully assist others with similar issues in the future
Highlighted

Re: Restrict port to specific range of IP addresses?


@paul driver wrote:

 Do you mean these ports are able to reach this specific ip range or these ports are allowcated ip addressing from a specific ip range?

 


The ports are allocated IP addressing from a specific IP range.

VIP Advisor

Re: Restrict port to specific range of IP addresses?

For now, i can only think of DHCP with IP reserved and MAC ACL to protect.

 

BB
*** Rate All Helpful Responses ***
CreatePlease to create content
Content for Community-Ad