Frequent Contributor

Restricting access to a IP

This is my scenario. I have my IP as 172.16.1.1 (aaaa.bbbb.cccc.dddd) which has full internet access. Now when I am not available in the office, I noticed someone assigning my IP to his workstation and gaining full internet access. How do I restrict such things? I.e., even if someone assigns my IP on the network, they shouldn't access the LAN or WAN.

I tried configuring 'arp 172.16.1.1 aaaa.bbbb.cccc.dddd arpa' on my L3 Cisco 3750X switch, assuming I could achieve this, but that did not help.

8 REPLIES 8
Rising star

Restricting access to a IP

Hi,

1. You could exclude this IP from DHCP and assign IP manually.

2. Or you could reserve this IP for particular machine.


ip dhcp pool TEST 
 network 172.16.1.0 255.255.255.0
 default-router 172.16.1.254
 dns-server 8.8.8.8  
 lease 30


ip dhcp pool Test_User  
 host 172.16.1.1
 hardware-address aaaa.bbbb.cccc 
 client-name Test_User

https://supportforums.cisco.com/thread/2081838

Hope it will help.

Best regards,
Abzal

Frequent Contributor

Restricting access to a IP

Other than configuring DHCP on the switch, is it possible in any other way?

Rising star

Restricting access to a IP

Of course there is: you can use Windows 200X servers or Linux/FreeBSD servers, whichever you prefer and know how to configure. I assumed you are running DHCP on the L3 switch.

And as far as I know, a MAC address is 48 bits long: aaaa.bbbb.cccc

Example:

Conf t

arp 10.140.8.74 0100.5e7f.084a ARPA

arp 10.140.8.75 0100.5e7f.084b ARPA

Hope it will help.

Best regards,
Abzal

Advisor

Restricting access to a IP

Hi,

This won't prevent other people from taking his IP address if they do it purposefully by assigning it statically.

In this case you'll need the DHCP snooping and IP Source Guard features to prevent this.

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_52_se/configuration/guide/swdhcp82.html

Regards.

Alain

Don't forget to rate helpful posts.

Frequent Contributor

Restricting access to a IP

As I mentioned earlier, 'arp 1.1.1.1 abcd.efgh.ijkl arpa' did not help me in that. DHCP running on Windows / Linux is not going to help in this regard; however, I will then stick with the DHCP on the switch if that restricts.

Advisor

Re: Restricting access to a IP

Hi,

Configuring a static mapping is the same on all DHCP servers, if we except the configuration of course.

But this won't prevent someone from configuring your IP statically while you're not on the subnet.

Regards.

Alain

Don't forget to rate helpful posts.

Rising star

Restricting access to a IP

If you are running Windows AD with Group Policy on the network, you could restrict standard users from changing the IP address. Then it should be OK. With Cisco devices, honestly, I'm not aware if it's possible.

Abzal

Hope it will help. Best regards, Abzal
Beginner

Restricting access to a IP

Cadet Alain is 100% correct.

You are dealing with a smart user. He knows you are not in the office, and he/she statically assigns your privileged IP to their device. The only way to restrict this is as follows:

1. Reserve your IP address on the DHCP server. This will ensure no one else gets assigned the IP.

2. Enable DHCP snooping and IP source guard.

3. Create a static entry mapping the source IP to your MAC.

Point 2 will enable you to populate a mapping of MAC to IP based on DHCP transactions. Since your IP is not assigned by DHCP, it will not appear in the list. Point 3 will add your IP-to-MAC mapping. So effectively your switch will only forward traffic which has passed points 2 & 3. Problem solved.
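
Steps 2 and 3 of the last reply written out as Catalyst IOS configuration. This is an added example, not part of the original posts: VLAN 10 and the interface numbers are assumptions, and aaaa.bbbb.cccc stands in for the real MAC as in the replies above.

```cisco
! Constructed example. Assumed values: user VLAN 10, access ports
! Gi1/0/1-47, owner's desk port Gi1/0/5, Gi1/0/48 facing the DHCP server.

! Step 2a: DHCP snooping builds the MAC/IP/port binding table from
! DHCP transactions seen on the VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10

! Only the port toward the DHCP server is trusted to send server replies.
! Every other port stays untrusted, which is the default.
interface GigabitEthernet1/0/48
 ip dhcp snooping trust

! Step 3: 172.16.1.1 is set statically on the host, so it never appears
! in the snooping table. Bind it by hand to the owner's MAC and desk port.
ip source binding aaaa.bbbb.cccc vlan 10 172.16.1.1 interface GigabitEthernet1/0/5

! Step 2b: IP Source Guard on the access ports. Each port now drops IP
! traffic whose source address has no DHCP-snooped or static binding
! for that port.
interface range GigabitEthernet1/0/1 - 47
 switchport mode access
 switchport access vlan 10
 ip verify source

! Verify from exec mode:
!   show ip dhcp snooping binding
!   show ip source binding
!   show ip verify source
```

Enter the static bindings before enabling `ip verify source`: any other statically addressed host on these ports needs its own `ip source binding` entry, or its traffic is dropped as soon as the filter is on.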
