Hello everyone! I have a task "as is" to have one IP network spanning multiple 6500 interfaces (every interface will be connected to a single department with a dummy switch on the remote side). In addition, I need to have IP source guard or an equivalent feature to restrict static IP address assignments by users. The problem is I have quite old Sup2/MSFC2/PFC2 gear installed on the 6500. My first idea was to use native mode with s222-adventerprisek9_wan-mz.122-18.SXF17, but there is no IP source guard feature there (optionally, I thought to use MAC ACL + IP ACL, which are dynamically filled with entries from a management station as eligible users come online). The second option was to use hybrid mode with cat6000-sup2cvk9.8-6-4.bin and c6msfc2-adventerprisek9_wan-mz.122-18.SXF6, which supports IP source guard, but does not support ip unnumbered for VLAN SVI.
So the question is: is there any option which allows a single IP network to span multiple L3/SVI interfaces in hybrid mode, or any option like IP source guard in native mode?
If there is a dumb switch on the remote site, there is little you can do to protect the users from themselves.
Features like ip source guard are effective if configured near the end user.
Put each remote site in a separate IP subnet; it is the best choice also for limiting unnecessary broadcast traffic.
You could try to play with IRB, putting all SVI VLAN interfaces in the same bridge-group.
I think I used it for joining VLANs in a Sup2/MSFC2 with native IOS:
Also, you can explore the use of Port ACLs; if supported, you could be able to apply different ACLs to ports leading to different remote sites.
Hope to help