Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

locking an ip to a port


I'd like to know if it is possible to fix an ip to be assigned through the dhcp function in a switch to a specific port. For example, if i connect a PC in my port 10 in a switch I'd like to get always the same ip, and if i connect another PC that this PC get the same ip in that port.

Thanks in advance

New Member

Re: locking an ip to a port

As you might know dhcp can be configured to bind a mac address to a ip. Also you can add a static mac address to an interface and vlan. Hence you have always the same ip at the same port. Drawback is the pore scalability.

New Member

Re: locking an ip to a port

Here are some thoughts that you might consider.

One option would be to extend layer 3 all the way to the access port and use a /30 bit subnet per access port. One host address would be applied to the switch interface and the second address would be given to the PC that connects to that interface. This could be done by creating a VLAN for every port and assigning one IP to the VLAN or just making the port a layer 3 port. The problem here is that you will waste many IP's and you will need a switch capable of running layer 3 interfaces, such as a 3550 with the EMI feature set.

Wasting IP may not be a problem if you plan properly. Using all the IPs in the, and networks would take you quite a while if you subneted properly.

A second option would be to use /31 bit addresses. The network address is assign to the PC and the broadcast address is assigned to the port. This is covered in RFC 3021 and is at cisco link:

The draw back to /31 bit is that most DHCP servers will not allow you to give out a 0 or 1 bit host address because those are generally reserved for broadcast and network idenitification and not host traffic.

If you leave the port layer 2, there is no way I can think of to deliver the same IP to the port even with DOT1x port authentication where radius would give the IP, but that is based up username.

Hope this helps,


CreatePlease login to create content