03-12-2008 05:19 PM - edited 03-05-2019 09:43 PM
Hi,
We have two 6500s with Sup 720 running HSRP, backing each other up. BDF and IDF switches are Catalyst 3750 or 2960. Currently we are experiencing some users statically hard-coding their workstation IP to be one of our HSRP IP addresses. After a workstation is statically assigned an HSRP address, the core starts to log dup. IP and users start experiencing network outages. I am wondering if anyone has any suggestions on how to secure their Layer 3 IP?
Thanks,
J
03-12-2008 05:47 PM
What do you mean how to secure their layer 3 IP?
The first thing you have to do is get this guy's PC off your network. Then you smack him upside his head for being stupid.
After that, I'm lost. What are you trying to accomplish?
Victor
03-12-2008 09:17 PM
One of the users changed their computer's IP from DHCP client to a static IP. Unfortunately, the user used one of the HSRP addresses and the 6500 started logging duplicate IPs in syslog. Because of this issue, a lot of workstations in the same network started using the offending workstation's MAC as the gateway MAC. I am just wondering if anyone has any suggestions on the network side to prevent this from happening?
Thanks,
J
03-12-2008 09:36 PM
L2 hardening should do the trick. Implement Port-security, DHCP Snooping, and Dynamic ARP Inspection.
03-12-2008 09:55 PM
Thanks for the suggestion. I do have Port-security and DHCP snooping implemented. However, it does not stop a user from statically assigning their own IP. I think DAI will stop statically assigned IPs, but I have a few hundred servers' MACs that I will need to distribute throughout the campus, and limiting users from changing NICs or switch ports is kind of a pain for both users and us... I wonder if anyone has done it differently?
Thanks
J
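The DHCP snooping plus Dynamic ARP Inspection setup suggested above, sketched for one Catalyst 3750/2960 access switch with an ARP ACL covering statically addressed servers. This is an added example, not configuration posted by anyone in the thread; VLAN 10, the interface numbers, the ACL name STATIC-HOSTS and the 192.0.2.x / 0000.5e00.53xx addresses are constructed placeholders.

```cisco
! Added example. VLAN, interfaces, ACL name, IPs and MACs are placeholders.
!
! 1. DHCP snooping builds the IP-to-MAC binding table that DAI checks against.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! 2. ARP ACL for hosts with static addresses (no DHCP binding exists for them).
!    One line per server: the IP it is allowed to claim and its NIC MAC.
arp access-list STATIC-HOSTS
 permit ip host 192.0.2.21 mac host 0000.5e00.5321
 permit ip host 192.0.2.22 mac host 0000.5e00.5322
!
! 3. Enable DAI on the VLAN. Without the "static" keyword, ARP packets that
!    match no ACL entry are still checked against the DHCP snooping bindings.
ip arp inspection vlan 10
ip arp inspection filter STATIC-HOSTS vlan 10
!
! 4. Uplink toward the 6500 pair: trusted, so ARP replies for the HSRP
!    virtual IP from the real gateways pass uninspected.
interface GigabitEthernet1/0/1
 description Uplink to core
 ip dhcp snooping trust
 ip arp inspection trust
!
! 5. User ports stay untrusted (the default). A workstation that statically
!    claims the HSRP address has no binding and no ACL entry, so its ARP
!    packets are dropped and logged.
interface range GigabitEthernet1/0/2 - 24
 ip arp inspection limit rate 15
!
! Verify:
!   show ip dhcp snooping binding
!   show ip arp inspection vlan 10
!   show ip arp inspection statistics vlan 10
```

Enable DAI only after the snooping binding table is populated (clients have renewed their leases); otherwise existing DHCP clients have their ARP packets dropped until they renew.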
03-13-2008 01:07 AM
Hi J
Not actually a Cisco solution, but here where I work we run XP on the desktop and we lock down users' PCs so that they cannot change their IP address. If you give the users permissions on their laptops to change things, load software etc., then no matter how many security features on the switches you enable, you are still asking for trouble, to be honest.
HTH
Jon