Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

ID who is who on a LAN

ok, Here is the problem.

My router----C3548----contractor router

Some of my sites share switch with contractor. So contractor's PC's default gateway is contractor router. However, potentially, someone can intentionally change their IP setting so they can get to my network too (by adding my router as second default gateway, edit routing table under Window, etc). How do I block those rogue PCs from entering my network?

1. I can ask local admin give me a list of known MACs and shut down the port that are not using. Or I can set up VMPS. The problem is I have 400 plus sites.

2. Of course I can disconnect their router from my switch. But for various political reasons, I cannot just unplug them.

3. Enforce from Window? of course they don't have our login username and password. Is there a way to be done from Window?

Please help!


Re: ID who is who on a LAN

Are they on the same subnet..

You can apply access-list if you know the range of the ip address to block on your site of the router.

New Member

Re: ID who is who on a LAN

Thanks for your response.

Unfortunally, for those small sites, they are all on the same subnet. However, those contractors can change their IP so it will look from one of my guys. There is no way to block them, is there?

New Member

Re: ID who is who on a LAN

Well, maybe the easiest way is to plead with their Network Admin or upper management to have the admin rights removed from their PC's. Once that is done, I don't think they can change their IP address. Good luck.



Re: ID who is who on a LAN

if they don;t need to talk to your network, put them in separate vlan.

There is anothe solution too but with the small switches this is not possible. You have to have cat4k or cat6k series switches to implement Combination of private vlan and vacl etc to achieve whatever you are looking for--

CreatePlease login to create content