[nsp] ARP filtering

Sam Stickland sam_ml at spacething.org
Mon Jul 12 12:19:23 EDT 2004


On Mon, 12 Jul 2004, Marko Milivojevic wrote:

> > It's for situations where you have a number of co-located machines in a
> > single VLAN and you wish to stop customers using IP addresses that aren't
> > assigned to them.
> 
>     First of all, let me begin by saying that this might not be the best way
> of doing it...
> 
>     That said, have you considered configuring static arp on the switch?

Yes, that's been considered, but it requires knowing the MAC addresses of 
all the attached customer equipment, which adds another level of 
administration.

Basically it would be nice to have a way to say, only these IP addresses
from this port, and not have to worry about ARP replies screwing things
up, and without needing to track the MAC addresses of every piece of colo 
equipment. I'm trying to reduce the workload here, not add more ;)

There really doesn't seem to be much information about any switch vendor
supporting this, so I guess it's either a) more difficult to implement
than I imagine; or b) there's another way to achieve this that I've
missed.

Sam
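
The per-port check described in the message above, modelled in Python as an added example; it is not part of the original post and not any vendor's implementation. The port names, the `PORT_ALLOWED` table and the function names are hypothetical, and letting ARP probes with sender IP 0.0.0.0 through is an assumption of this example.

```python
import ipaddress
import struct

# Hypothetical policy table: switch port -> IPv4 networks assigned to that customer.
PORT_ALLOWED = {
    "port1": [ipaddress.ip_network("192.0.2.10/32")],
    "port2": [ipaddress.ip_network("192.0.2.16/30")],
}
UNSPECIFIED = ipaddress.ip_address("0.0.0.0")  # sender IP of an RFC 5227 ARP probe

def arp_sender_ip(frame: bytes):
    """Sender IP of an ARP frame; None if the frame is not ARP; ValueError if malformed."""
    if len(frame) < 14:
        raise ValueError("short Ethernet frame")
    offset, ethertype = 14, struct.unpack("!H", frame[12:14])[0]
    if ethertype == 0x8100:  # skip one 802.1Q tag
        if len(frame) < 18:
            raise ValueError("truncated 802.1Q tag")
        offset, ethertype = 18, struct.unpack("!H", frame[16:18])[0]
    if ethertype != 0x0806:
        return None
    if len(frame) < offset + 28:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen = struct.unpack("!HHBB", frame[offset:offset + 6])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not Ethernet/IPv4 ARP")
    # ARP body: 8-byte header, 6-byte sender MAC, then the 4-byte sender IP.
    return ipaddress.ip_address(frame[offset + 14:offset + 18])

def filter_frame(port: str, frame: bytes) -> str:
    """Return 'forward' or 'drop' for a frame received on `port`."""
    try:
        spa = arp_sender_ip(frame)
    except ValueError:
        return "drop"  # malformed frames never reach other customers
    if spa is None or spa == UNSPECIFIED:
        return "forward"  # non-ARP traffic and address probes claim no IP
    allowed = PORT_ALLOWED.get(port, [])  # unknown port: nothing is allowed
    return "forward" if any(spa in net for net in allowed) else "drop"

def build_arp(oper: int, sha: bytes, spa: str, tha: bytes, tpa: str) -> bytes:
    """Construct a sample broadcast ARP frame (constructed test input only)."""
    eth = b"\xff" * 6 + sha + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return (eth + arp + sha + ipaddress.ip_address(spa).packed
            + tha + ipaddress.ip_address(tpa).packed)
```

The decision depends only on the ingress port and the ARP sender IP, so the same address is accepted from any MAC on its own port and rejected on every other port.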


