Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

howto prevent someone use IPs for Servers on a LAN?

we are using a router 3640.

How i can close IP to a specific MAC Address on router that can't take that IP address?

using ip arp command didn't help. please learn me others.

thanks

2 REPLIES
New Member

Re: howto prevent someone use IPs for Servers on a LAN?

First.

Are you using DHCP???

If you are (i hope you are) and you want to prevent dhcp clients to take some IP's (servers in this case) you should use the 'ip dhcp excluded-address' command in this way:

ip dhcp excluded-address "first ip lastip"

http://www.cisco.com/en/US/customer/products/sw/iosswrel/ps1831/products_configuration_guide_chapter09186a00800ca6b5.html#xtocid4

You cannot create manual arp bindings since arp is a pure dynamic service

New Member

Re: howto prevent someone use IPs for Servers on a LAN?

arp 1.2.3.4 0000.1111.2222 arpa will set a static arp entry on the router.

There was a bug in older IOS releases which allowed gratious arp to override the static arp entries (something before 12.0(7)T ).

What IOS release are you running ?

The static arp entry will not help for clients in the same vlan as the server trying to access the local server, as the client could get the arp response from the misconfigured client. Put the servers in their own VLAN. If the performance of the 3640 is not enough use a L3 or MLS capable switch.

Regards Michel

104
Views
0
Helpful
2
Replies
CreatePlease to create content