OT - per-port IP filtering/config for ethernet access

Daniel McDonald dan.mcdonald at austinenergy.com
Wed Feb 13 17:37:35 UTC 2013


On 2/13/13 5:44 AM, "Simon Hobson" <dhcp1 at thehobsons.co.uk> wrote:

> It's a bit OT for the list (although the intention is to provide DHCP), but I
> suspect a few people here are doing it ...
> 
> So we need to be able to specify that a device (or devices) attached to a
> specific port are limited to using only certain IPs - and if they attempt to
> use anything else then the packets will just get dropped.

The Cisco features "dhcp snooping", "IP arp-inspection", and "IP
Verify-source" are probably what you want. Failing that, simple
access-lists work pretty well...

> At present each 
> client gets their own subnet (/29 or /30 - some have 1 address, some require
> more) and VLAN - but when we switch providers we probably won't be able to get
> enough IPv4 addresses to be that wasteful.


-- 
Daniel J McDonald, CCIE # 2495, CISSP # 78281
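
Added example, not part of the original message: a sketch of how the three features named in the reply fit together on a Catalyst-style IOS access switch when clients share one VLAN. The VLAN number, interface names, MAC address and the 192.0.2.0/24 addresses are constructed placeholders, and exact syntax varies by platform and software release.

```cisco
! Assumed: VLAN 100 is the shared client VLAN, Gi1/0/24 is the uplink
! toward the DHCP server, Gi1/0/1 and Gi1/0/2 are customer ports.

! 1. DHCP snooping builds the binding table (MAC, IP, VLAN, port)
!    from the leases the switch sees handed out.
ip dhcp snooping
ip dhcp snooping vlan 100

! 2. Dynamic ARP inspection drops ARP packets on VLAN 100 whose
!    sender MAC/IP pair is not in the binding table.
ip arp inspection vlan 100

! Uplink: the only port allowed to carry DHCP server replies, and
! exempt from ARP inspection.
interface GigabitEthernet1/0/24
 description uplink toward DHCP server
 ip dhcp snooping trust
 ip arp inspection trust

! Customer port using DHCP: untrusted by default. IP source guard
! (ip verify source) drops IP traffic whose source address does not
! match a binding learned on this port.
interface GigabitEthernet1/0/1
 description customer A (DHCP)
 switchport mode access
 switchport access vlan 100
 ip dhcp snooping limit rate 10
 ip verify source

! Customer port with a fixed address: no lease is ever snooped, so
! the binding is entered by hand (see below).
interface GigabitEthernet1/0/2
 description customer B (static address)
 switchport mode access
 switchport access vlan 100
 ip verify source

! Static binding for customer B: constructed MAC and IP.
ip source binding 0000.5e00.5301 vlan 100 192.0.2.10 interface GigabitEthernet1/0/2

! Verification (exec mode):
!   show ip dhcp snooping binding
!   show ip verify source
!   show ip arp inspection vlan 100
```

A port with `ip verify source` and no binding passes only DHCP traffic, so enter static bindings before enabling the feature on ports whose devices do not use DHCP.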



