We have 1 customer that would like us to configure a system based on an SG300-20 linked up with an SG300-10SFP, using traffic shaping with ingress and egress limited to 40 Mbit.
This part of the case is solved using ingress/egress 40960 with a burst limit a bit higher.
But he also wants each firewall configured on the net to only be able to have 1 IP on that specific port.
This is an owner of a building that rents out to other companies. Each company is assigned a port on the SG300-20 and has their own IP (i.e. 100.100.12.34); all of them are part of a /26 net and would use the same gateway.
Is this possible?
That the company assigned to i.e. port 14 in switch 1 can only use 100.100.12.34/26 gw 100.100.12.1, and if they change to 100.100.12.36 it will not work. This is to prevent the end users from changing and fu...g up the net for the rest :-)
And on port 16 on switch 1 they can only use 100.100.12.36/26 with gw 100.100.12.1.
Thanks for any input.
The switches are in layer 2 mode, but nothing is in production yet so I can change to layer 3 if that's what it takes.
Hi Thomas, you can enable dynamic ARP inspection, make the port UNTRUSTED then make a MAC to IP binding for the desired addresses you want to connect in to the port. Then for the uplink, make it a trusted port to allow all ingress connection there.
-Tom Please mark answered for helpful posts
Internet -> Router -> Core switch (no client/customer) -> Access switch -> Client/customer
For argument's sake, your uplink from the access switch is port 18, which connects to port 18 of the core switch.
On the access switch, your desire is to have a client or customer connect to the switch using a specific MAC address and IP address and no other.
Dynamic ARP inspection statically maps an IP address to a MAC address; any connection using the same MAC but a different IP will be dropped, and any connection using the same IP but a different MAC will be dropped.
Create an access list to permit only the desired IP address on the INGRESS port and block any other traffic to that port.
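The ARP check described in the replies above, modelled as an added example that is not part of the original posts and is not switch configuration: it parses ARP payloads and applies the IP-to-MAC binding rule on untrusted ports while passing the trusted uplink. The MAC addresses and the binding table are constructed sample values; the IPs and uplink port 18 come from the thread.

```python
import socket
import struct

# Constructed sample bindings (MACs are made up): IP -> MAC allowed to claim it.
BINDINGS = {
    "100.100.12.34": "00:11:22:33:44:0e",
    "100.100.12.36": "00:11:22:33:44:10",
}
TRUSTED_PORTS = {18}  # uplink to the core switch, as in the reply above


def build_arp(sender_mac, sender_ip, target_ip, op=1):
    """Build a 28-byte Ethernet/IPv4 ARP payload (op 1 = request, 2 = reply)."""
    mac = bytes.fromhex(sender_mac.replace(":", ""))
    return struct.pack("!HHBBH6s4s6s4s", 1, 0x0800, 6, 4, op, mac,
                       socket.inet_aton(sender_ip), b"\x00" * 6,
                       socket.inet_aton(target_ip))


def parse_sender(arp):
    """Return (sender MAC, sender IP) from an ARP payload, rejecting odd ones."""
    if len(arp) < 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, _op, sha, spa = struct.unpack("!HHBBH6s4s", arp[:18])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    return sha.hex(":"), socket.inet_ntoa(spa)


def inspect(port, arp):
    """Decide 'forward' or 'drop' for an ARP payload arriving on a port."""
    if port in TRUSTED_PORTS:
        return "forward"  # trusted uplink: no validation
    try:
        mac, ip = parse_sender(arp)
    except ValueError:
        return "drop"  # malformed ARP never passes an untrusted port
    # Untrusted port: the sender IP must be bound, and bound to this MAC.
    return "forward" if BINDINGS.get(ip) == mac else "drop"
```

This check only looks at ARP packets; the ingress access list from the reply is what filters the IP traffic itself on each port.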
If I got the ACL bit correct, wouldn't that just deny traffic on the port? But will it also stop the guy on switch 3 port 20 from setting i.e. IP 100.100.12.34 and not 100.100.12.33 that he should use, and then creating an IP crash with the guy actually using 100.100.12.34?
This is how I would like the net to be :-) Would it work to use VLAN?
Vlan5: 100.100.12.5/26 - tag on GE1
Vlan6: 100.100.12.6/26 - tag on GE2
Vlan7: 100.100.12.7/26 - tag on GE3
Vlan8: 100.100.12.8/26 - tag on GE4
Vlan23: 100.100.12.23/26 - tag on GE3 on switch 3
Vlan34: 100.100.12.34/26 - tag on GE3 on switch 4
The internet/router is the GW, where 0.0.0.0/0.0.0.0 100.100.12.1 will be.