Re: How to configure MAC with IP bindings in cisco 2960 switch

Md.Mosharof Hossain · ‎09-09-2013

Dear,

I have a cisco 2960 switch (c2960-lanlitek9-mz.122-50.SE2.bin)

& want to configure mac security with IP address bindings. Is it possible, please help.

Thanks..

Leo Laohoo · ‎09-09-2013

You are looking at Sticky MAC.

Secure MAC Addresses

Md.Mosharof Hossain · ‎09-09-2013

Thanks Leo Laohoo,

Port security with mac working fine but how to bind IP address with MAC.

Please help..

Leo Laohoo · ‎09-09-2013

Port security with mac working fine but how to bind IP address with MAC.

Is the switch doing the role of a DHCP server?

Md.Mosharof Hossain · ‎09-09-2013

yes, the switch doing the role of a DHCP server.

Leo Laohoo · ‎09-09-2013

yes, the switch doing the role of a DHCP server.

Post the config and the output to the command "sh ip dhcp bind".

Md.Mosharof Hossain · ‎09-09-2013

Pls find the below output,

Switch#sh ip dhcp binding

Bindings from all pools not associated with VRF:

IP address Client-ID/ Lease expiration Type

Hardware address/

User name

172.29.10.55 0100.1125.12bb.6f Sep 11 2013 11:24 AM Automatic

johnlloyd_13 · ‎09-09-2013

hi,

you could use the mac-address-table static command:

mac-address-table static vlan interface

Leo Laohoo · ‎09-09-2013

Ok, thanks for the output. What about the rest?

What is your network going to be like? What IP address have you excluded? What's your DNS?

Md.Mosharof Hossain · ‎09-09-2013

Hi Leo Laohoo,

Pls find the details,

Network 172.29.10.0 255.255.255.0

default-router 172.29.10.1

exclude address 172.29.10.1 -172.29.10.50

name-server 172.25.10.10 172.25.10.11

thanks in advance...

Leo Laohoo · ‎09-09-2013

do clear ip dhcp bind *

ip dhcp exclude 172.19.10.1 172.19.10.50

ip dhcp pool BLAH

network 172.29.10.0/24

default 172.29.10.1

name-server 172.25.10.10 172.25.10.11

exit

ip dhcp pool BOOM

client 0100.1125.12bb.6f

network /24

default 172.29.10.1

name-server 172.25.10.10 172.25.10.11

Please don't forget to rate our useful posts.

Md.Mosharof Hossain · ‎09-09-2013

Hi Leo Laohoo,

Thanks for your prompt reply. I have configured but if i change the ip address the communication is still ok. I want to configure static IP address in the client machine and my object is if client change the ip address of their PC, the communication will off. I want to configure one port with one IP will work. Please help..

Md.Mosharof Hossain · ‎09-10-2013

Hi Leo Laohoo,

Waiting for your kind response...

cadet alain · ‎09-10-2013

Hi,

What do you want exactly? You want to bind the DHCP leased address to the device(MAC address) and refrain the user from changing this IP statically? I so then use the host pool config proposed by Leo and implement DHCP snooping +IP Source guard on your switch to prevent the user from changing the IP.

Regards

Alain

Don't forget to rate helpful posts.

Md.Mosharof Hossain · ‎09-10-2013

Hi Leo Laohoo/Alain

I have configured the following and working fine..thanks for your cooperation..

ip dhcp snooping vlan 100
ip dhcp snooping

interface FastEthernet0/47
switchport access vlan 100
switchport mode access
spanning-tree portfast
ip verify source
!
interface FastEthernet0/48
switchport access vlan 100
switchport mode access
spanning-tree portfast
ip verify source
!
ip source binding 0011.2512.BB6F vlan 100 172.29.10.55 interface Fa0/47
ip source binding 1803.7345.982F vlan 100 172.29.10.61 interface Fa0/48
!