OT - per-port IP filtering/config for ethernet access

Daniel McDonald dan.mcdonald at austinenergy.com
Wed Feb 13 17:37:35 UTC 2013

On 2/13/13 5:44 AM, "Simon Hobson" <dhcp1 at thehobsons.co.uk> wrote:

> It's a bit OT for the list (although the intention is to provide DHCP), but I
> suspect a few people here are doing it ...
> So we need to be able to specify that a device (or devices) attached to a
> specific port are limited to using only certain IPs - and if they attempt to
> use anything else then the packets will just get dropped.

The Cisco features "dhcp snooping", "IP arp-inspection", and "IP
Verfiy-source" are probably what you want.  Failing that, simple
access-lists work pretty well...

> At present each 
> client gets their own subnet (/29 or /30 - some have 1 address, some require
> more) and VLAN - but when we switch providers we probably won't be able to get
> enough IPv4 address to be that wasteful.

Daniel J McDonald, CCIE # 2495, CISSP # 78281

More information about the dhcp-users mailing list