10-21-2019 03:12 AM - edited 10-21-2019 03:32 AM
All my access switches are 2960X, and I'd like to restrict all the ports to only allow IP addresses in a specific range to connect to the port. I want this to insure only IPs in the client range can actually be on those ports.
I'm planning on also configuring IP Source Guard, but that won't protect against someone manually changing the IP addresses on the client to something outside the allowed client range.
I'm pretty sure this can be done, but so far I haven't been able to find out ho
10-21-2019 03:32 AM
- Note that switch-ports basically handle layer 2 traffic which they can perfectly do from a device that doesn't even have an IP address. In this the usual debate arises from controller network management versus I-don't-know-what-is-going-on. Personally I prefer the first approach implemented through well configured DHCP servers (e.g.) , so that you question 'becomes no longer needed'.
M.
10-21-2019 03:46 AM
Hi,
Dynamic ARP inspection which relies on DHCP snooping building database with bindings mac to ip addresses. So if user will change his ip address switch will drop those packets because bindings in DHCP snooping database will not match.
10-21-2019 04:32 AM - edited 10-21-2019 04:32 AM
Hello
@donohoecompanies wrote:
All my access switches are 2960X, and I'd like to restrict all the ports to only allow IP addresses in a specific range to connect to the port. I want this to insure only IPs in the client range can actually be on those ports.
Just to clarify and if possible elaborate?
Do you mean these ports are able to reach this specific ip range or these ports are allowcated ip addressing from a specific ip range?
10-21-2019 05:33 PM
@paul driver wrote:Do you mean these ports are able to reach this specific ip range or these ports are allowcated ip addressing from a specific ip range?
The ports are allocated IP addressing from a specific IP range.
10-21-2019 05:17 AM
For now, i can only think of DHCP with IP reserved and MAC ACL to protect.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide