
Deny access by IP.

captawol7
Level 1

Is there a method of preventing a device with an IP address of 172.25.*.1 (* = any number) from being allowed on the network? The problem I am facing is the end user incorrectly configuring a device and using the .1 gateway address. We run DHCP and have multiple VLANs. Our 'edge' switches are 3500XL, 2950 and 2960's.

I have thought about 802.1x but then all the devices must run a supplicant/client in order to connect and some devices are not capable of doing this.

The ideal solution would be the ability to detect the fraudulent gateway address on the edge port and disable the port.

2 Replies

Sureshdank
Level 1

You need to have an L3 device for doing so. ACLs can be implemented on the interfaces which can block any IP address and any protocol.

That is what I thought, but didn't know if I was missing some hidden trick that exists.
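An added illustration of the ACL approach mentioned in the reply above, not code from anyone in this thread: a small Python model of how an IOS extended ACL entry with the non-contiguous wildcard mask `0.0.255.0` matches every `172.25.*.1` source. The ACL number 101, the sample addresses and the function names are assumptions made for the example.

```python
import ipaddress

# Constructed ACL for illustration (ACL number 101 is an assumption).
# Wildcard 0.0.255.0 ignores the third octet, so the entry matches 172.25.*.1.
ACL_LINES = [
    "access-list 101 deny ip 172.25.0.1 0.0.255.0 any",
    "access-list 101 permit ip any any",
]

def parse_entry(line):
    """Return (action, base, wildcard) for 'access-list N <action> ip <src> any'."""
    tok = line.split()
    action, src = tok[2], tok[4:-1]   # drop the trailing destination 'any'
    if src == ["any"]:
        return action, 0, 0xFFFFFFFF  # every bit is "don't care"
    if src[0] == "host":
        return action, int(ipaddress.IPv4Address(src[1])), 0
    base, wild = (int(ipaddress.IPv4Address(s)) for s in src)
    return action, base, wild

def evaluate(acl_lines, source_ip):
    """First matching entry wins; IOS ends every ACL with an implicit deny."""
    addr = int(ipaddress.IPv4Address(source_ip))
    for line in acl_lines:
        action, base, wild = parse_entry(line)
        care = ~wild & 0xFFFFFFFF     # bits that must match exactly
        if addr & care == base & care:
            return action
    return "deny"

if __name__ == "__main__":
    # Constructed sample source addresses.
    for ip in ("172.25.7.1", "172.25.7.10", "172.25.255.1", "172.26.3.1"):
        print(f"{ip:15} -> {evaluate(ACL_LINES, ip)}")
```

On the router such an ACL would be bound to the VLAN's routed interface with `ip access-group 101 in`. It filters only IP packets that reach that interface, so it does not stop a misconfigured host from answering ARP for the gateway address inside the VLAN.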
