Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
482
Views
0
Helpful
4
Replies

Layer 2 security

Mohamed Raffiudeen
Level 1
Level 1

‎01-14-2012 07:59 AM - edited ‎03-07-2019 04:21 AM

Need to prevent unauthorized users from getting IP address from DHCP when connected to our wired network.

In few remote sites we run DHCP for voice & data in the router where only limited users (around 30)are operating. We dont have IT assistance in those sites.

Our business is automotive and we let customers/users to our premise. We need to block the unauthorized user from using our network.

Any configuration can be done in the cisco access switch level?

Thanks in advance...

Labels:
0 Helpful
4 Replies 4

Reza Sharifi
Hall of Fame
Hall of Fame

‎01-14-2012 08:27 AM

Hi,

You can try deploying DHCP snooping.

here is a link for your reference:

http://www.cisco.com/en/US/docs/switches/lan/catalyst4500/12.1/12ew/configuration/guide/dhcp.pdf

HTH

0 Helpful

cadet alain
VIP Alumni
VIP Alumni
In response to Reza Sharifi

‎01-14-2012 09:08 AM

Hi Reza,

I don't think DHCP snooping could prevent users from getting an address from the server  as its goal is to prevent unauthorized DHCP servers and eventually rate)limit the client requests.

I think that dot1x should be more appropriate for this case.

Regards.

Alain

Don't forget to rate helpful posts.
0 Helpful

Mohamed Raffiudeen
Level 1
Level 1
In response to cadet alain

‎01-14-2012 09:29 AM

Hi Alain,

I beleive that is the best option for which we require an authentication server. Any other possibility without the AAA server.

Reagrds,

Raffi...

0 Helpful

Jernej Vodopivec
Level 4
Level 4
In response to Mohamed Raffiudeen

‎01-14-2012 10:09 AM

you can enable port security on switch port and limit it to only one approved mac address

Sent from Cisco Technical Support iPad App

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card