We have the following setup in our DataCentre and experience IP conflicts with the HSRP address. On the 2960 is 1 VLAN connected to a Catylyst 4000 switches with HSRP enable for the gateway of clients on the 2960. The probem we experience is customers on the 2960 switch add the HSRP address as a secondary IP on their Network connection and all traffic will route to their servers. Is there a way to prevent customers to use the HSRP address on their servers ? We have setup access list for each interface but this seems to happen on layer 2.