Cisco – MAC address and IP address over Cisco and HP switches L2 and L3

ciscohpipmac address

I want to only allow the device that is connected to the switch port with a specific MAC address and a static IP address to access the network. If the device MAC or IP address is changed, it will not be allowed to access the network.

I use the MAC address table, but I also want to restrict the IP address. How can I accomplish this?

Best Answer

You can enable DHCP snooping, ARP inspection, etc. A host with a statically assigned IP address would need an exception to be manually entered in the switch for the port where the statically address host is connected.

You can also use 802.1X to verify that the host is allowed to connect to the network. This requires more infrastructure than just the switch.

You can also use VACLs to restrict traffic.

Related Solutions

MAC Address – How to Trace on a Switched LAN

If you have an end-to-end vlan topology, where vlans are not terminated on switches, you can use somethink like this algorithm:

On the root switch get the mac address table, use filter output:

sh mac add | i 8a06

1    0015.5d02.8a06   dynamic ip,ipx,assigned,other TenGigabitEthernet4/5

Now you know, that mac is behind interface TenGigabitEthernet4/5. Connect to the switch behind this interface, and repeat sh mac add | i 8a06. You will find your host in the end.

Cisco – Centralized MAC address database for Cisco switches

I'm pretty sure you're thinking of 802.1x. You can use that to permit hosts based on MAC addresses.

This isn't the most secure way to authenticate hosts since spoofing a MAC address is fairly trivial and can be achieved with a single command, in most cases.

Best Answer

Related Solutions

MAC Address – How to Trace on a Switched LAN

Cisco – Centralized MAC address database for Cisco switches

Related Topic