OT: DHCP IP address lockdown

Alan Buxey A.L.M.Buxey at lboro.ac.uk
Thu Dec 8 21:44:33 UTC 2011


>    We have a large DHCP pool, and 99% of people use the IP we allocate them,
>    but some statically assign whatever IP they want to their machines. We
>    cannot lock down the client machines as they can be anything (linux, mac,
>    windows, mobile etc).� We are using 802.1x so users authenticate to access
>    the network.I know we can lock our cisco ports down to a single MAC
>    address, but this doesn't prevent a person setting their own IP address
>    manually. How do others solve this problem?� Can it be solved at the
>    network level?� I want users to only get network access using the IP
>    address we assign them.

dynamic arp inspection coupled with dhcp snooping.  if the switch doesnt
see the address given via DHCP is doenst let it populate the ARP tables


More information about the dhcp-users mailing list