
Locking switch ports to an IP-address

Hi,

We are about to build an ethernet network for about a 100 home users.

I would like to have the ability to lock ports on switches to a single IP address so if the clients change their IP address they can't get anywhere. Also broadcast control is important.

What Cisco products do you recommend for this?

4 Replies

d.thaker
Level 1

Hi Anderson,

If you are going to use a Cisco switch and would like to bind ports to an IP, it isn't possible, because it is a layer 2 device. But you can bind the MAC address of the NIC using the port security feature available on Cisco switches. With this option only a particular MAC will be able to use that port. You can use any switch. It is recommended by Cisco to use the Cat5000 for 100+ users. Otherwise you can go for more than 2 switches of 48 ports and stack them.

All the best and happy networking

Dilip/Jevin

Thanks for your answer Dilip.

Is it not possible to apply access-lists to an interface on the 3550 or 4000 series switches with layer 3 functionality?

If possible, do you know how the performance is affected? The users should be able to communicate at wire speed if possible.

If a user changes his IP address to a different one from a different VLAN, he won't be able to go anywhere, because he won't be able to find a default gateway.

If he changes the IP address to a different one from the current VLAN, he might create a duplicate address issue, but you will see it immediately and he won't be able to do anything either.

So, is it really important to assign 1 IP address to 1 port?

Otherwise, as you mentioned the cat4000 and cat3550 are the 2 switches to go for. The 5000 is getting old and won't let you do Layer3 ACL.

Gilles.

Hi Gilles and thanks for the answer.

I am not afraid that the users might try to get in another vlan but that they would take the identity of another user.

I have been reading about ACLs applied to a layer 2 interface, called port ACLs. I know that the ACLs are inbound only, but that is what I am looking for.

Do you know the ACLs' impact on network performance, or is this done at wire speed?

Anders.
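Added example, not posted by anyone in the thread: a small generator that turns a port-to-address plan into per-port configuration combining the three controls discussed above (static port security, an inbound port ACL, and broadcast storm control). The addresses, MACs, VLAN number, ACL naming scheme and 5% threshold are constructed assumptions, clients are assumed to be statically addressed, and the command syntax is the Catalyst IOS form and should be checked against the software release in use.

```python
import ipaddress
import re

# Constructed sample plan (not from the thread): port -> (client IP, client MAC).
ASSIGNMENTS = {
    "FastEthernet0/1": ("192.0.2.11", "0000.5e00.5301"),
    "FastEthernet0/2": ("192.0.2.12", "0000.5e00.5302"),
}
MAC_RE = re.compile(r"^[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}$")


def render_port(port, ip, mac, vlan=10, bcast_pct=5.0):
    """Return config lines that tie one access port to one IP and one MAC."""
    acl = "ONLY-" + ip.replace(".", "-")  # hypothetical naming scheme
    return [
        f"ip access-list extended {acl}",
        f" permit ip host {ip} any",   # the only source address accepted
        " deny ip any any",            # explicit form of the implicit deny
        "!",
        f"interface {port}",
        " switchport mode access",
        f" switchport access vlan {vlan}",
        " switchport port-security",
        " switchport port-security maximum 1",
        f" switchport port-security mac-address {mac}",
        " switchport port-security violation restrict",
        f" storm-control broadcast level {bcast_pct:.2f}",
        f" ip access-group {acl} in",  # port ACL: inbound only
        "!",
    ]


def build_config(assignments):
    """Validate the plan, then render every port. Raises ValueError on bad input."""
    seen_ip, seen_mac, lines = set(), set(), []
    for port, (ip, mac) in sorted(assignments.items()):
        ipaddress.IPv4Address(ip)  # AddressValueError is a ValueError subclass
        if not MAC_RE.match(mac):
            raise ValueError(f"{port}: MAC {mac!r} is not in xxxx.xxxx.xxxx form")
        if ip in seen_ip or mac in seen_mac:
            raise ValueError(f"{port}: {ip} / {mac} already assigned to another port")
        seen_ip.add(ip)
        seen_mac.add(mac)
        lines += render_port(port, ip, mac)
    return lines


if __name__ == "__main__":
    print("\n".join(build_config(ASSIGNMENTS)))
```

The IP ACL matches IP packets only, so ARP is not covered by it; the static port-security MAC is what ties the port to one NIC. A plan that assigns the same IP or MAC to two ports is rejected before any configuration is rendered.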
