[c-nsp] Prevent "IP Spoofing" from inside of the network
Saku Ytti
saku+cisco-nsp at ytti.fi
Tue May 24 08:02:00 EDT 2005
On (2005-05-24 13:55 +0200), ricardo.jantarada at bnpparibas.com wrote:
> Ok, but we have a few number of divices that can't be in DHCP. I'm talking
> about servers in there own Vlan.
> The fact is that i would like to check the IP address of every "non-DHCP"
> divice before having them connected to this Vlan...
Do you trust these ports running DHCP now to run DHCP and not static IP
address tomorrow? I'd protect each and every port.
> I know that switches don't deal with IP addresses but i hope there is a way
> to do so.
Yes, access-list, ip source guard basicly is just access-list triggered
by DHCP, nothing stops you doing those access-lists manually.
--
++ytti
More information about the cisco-nsp
mailing list