
deny mismatch ip to mac-address

jpl861
Level 4

Hi,

I need to configure an access-list that will permit a workstation to browse a specific website only and will deny all traffic.

The router is configured as the DHCP server. I will create an ip-to-macaddr reservation for that workstation.

What I need to do is to block the workstation if the MAC address does not correspond to a specific IP address, because he might configure a static IP address that will give him access to all resources.

Please help. Thanks.

2 Replies

criss_noh
Level 1

To prevent a static IP address, you should use DHCP snooping together with ARP inspection.

bjw
Level 4

Or use port security and hard code the MAC address you know is the "official" station MAC address. You can configure port security to shutdown the port if the MAC address changes.

http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_guide_chapter09186a008019f030.html

And as the last submitter mentioned, IP DHCP SNOOPING is another good layer.

Then an ACL on the router and bam!!!!

Security Soup!
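
The layers suggested in the replies above, combined into one Cisco IOS configuration as an added example (not posted by any participant in this thread). The VLAN, interface names, MAC address, IP addresses and ACL name are constructed placeholders, and the router is assumed to be the workstation's DNS resolver as well as its DHCP server.

```cisco
! Access switch (all names and addresses are constructed placeholders)
ip dhcp snooping
ip dhcp snooping vlan 10
! Do not insert option 82; an IOS DHCP server may otherwise drop the request
no ip dhcp snooping information option
! ARP inspection checks each ARP packet against the DHCP snooping binding
! table, so a host with a self-assigned static address has no binding
! and its ARP traffic is dropped
ip arp inspection vlan 10
!
interface GigabitEthernet0/1
 description Uplink to router (DHCP server)
 ip dhcp snooping trust
 ip arp inspection trust
!
interface GigabitEthernet0/2
 description Restricted workstation
 switchport mode access
 switchport access vlan 10
 ! Port security: only the known station MAC, shut the port on a change
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address 0000.5e00.5301
 switchport port-security violation shutdown
!
! Router: ACL keyed on the reserved address 192.0.2.10
ip access-list extended WORKSTATION-WEB-ONLY
 ! DHCP renewals and DNS lookups to the router itself
 permit udp host 192.0.2.10 eq bootpc host 192.0.2.1 eq bootps
 permit udp host 192.0.2.10 host 192.0.2.1 eq domain
 ! The one permitted website (placeholder address)
 permit tcp host 192.0.2.10 host 198.51.100.20 eq www
 permit tcp host 192.0.2.10 host 198.51.100.20 eq 443
 ! Everything else from the workstation is denied and logged
 deny ip host 192.0.2.10 any log
 ! Other hosts on the segment are unaffected
 permit ip any any
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
 ip access-group WORKSTATION-WEB-ONLY in
```

Because the ACL matches on the source IP address alone, it only holds if the switch-side controls keep the workstation on its reserved address; `show ip dhcp snooping binding` and `show port-security interface GigabitEthernet0/2` confirm the binding and the port state.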
