I would like to shut down a switchport if the attached host generates a DHCP request.
I want to discourage users from connecting network devices (e.g. SmartPhones) via the PC USB port. The PCs have fixed IP addresses so they should never use DHCP. When they plug in certain (unauthorised) devices to their USB ports, the device generates a DHCP request, but using the MAC address of the PC (so it is no good using port-security).
Do you want to shut the switchport down or do you just want to stop them getting an IP address ?
If you just want to stop them getting IP address and your PC's are static could you not just make sure your DHCP server is on a separate vlan and have no ip helper-address command on the client vlan interfaces ?
I actually want to shut the port down. I want to provide a strong disincentive even to connect the devices unless they are authorised and correctly configured.
As it stands, I don't have any DHCP on that VLAN. There is an incoming access-list that logs any DHCP request (along with its MAC address) so I can go and tap the user on the shoulder. But they don't seem to learn. I still see DHCP requests, followed by traffic from 169.254.x.x (which is also blocked by the same access-list, and logged, together with its MAC address).
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...