[c-nsp] Prevent "IP Spoofing" from inside of the network
Gyebnár Krisztián
gyebi at freemail.hu
Tue May 24 09:39:28 EDT 2005
Unfortunately supported only in 3750 & 3560 with EMI :-(
Older boxes: 2980, 3550, can't do this :-(((
Krisztián
----- Original Message -----
From: "Saku Ytti" <saku+cisco-nsp at ytti.fi>
To: <cisco-nsp at puck.nether.net>
Sent: Tuesday, May 24, 2005 2:02 PM
Subject: Re: [c-nsp] Prevent "IP Spoofing" from inside of the network
> On (2005-05-24 13:55 +0200), ricardo.jantarada at bnpparibas.com wrote:
>
>> OK, but we have a few devices that can't be in DHCP. I'm talking
>> about servers in their own VLAN.
>> The fact is that I would like to check the IP address of every "non-DHCP"
>> device before having them connected to this VLAN...
>
> Do you trust these ports running DHCP now to run DHCP and not static IP
> address tomorrow? I'd protect each and every port.
>
>> I know that switches don't deal with IP addresses but I hope there is a way
>> to do so.
>
> Yes, access-list, IP source guard basically is just access-list triggered
> by DHCP, nothing stops you doing those access-lists manually.
>
> --
> ++ytti
>
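The manual per-port access list described in the quoted reply, as an added example that is not part of the original thread. It assumes a Catalyst switch that accepts inbound IP access lists on Layer 2 access ports; the ACL names, interface numbers, VLAN and addresses are constructed placeholders.

```cisco
! Constructed example: one ACL per statically addressed server port.
! Each ACL permits only the address assigned to that port as the
! packet source and drops every other source IP at ingress.
!
ip access-list extended SRV-A-SRC
 permit ip host 192.0.2.10 any
 deny   ip any any
!
ip access-list extended SRV-B-SRC
 permit ip host 192.0.2.11 any
 deny   ip any any
!
interface FastEthernet0/10
 description server A, static 192.0.2.10
 switchport mode access
 switchport access vlan 20
 ip access-group SRV-A-SRC in
!
interface FastEthernet0/11
 description server B, static 192.0.2.11
 switchport mode access
 switchport access vlan 20
 ip access-group SRV-B-SRC in
!
! An IP access list matches IP packets only. Non-IP frames such as
! ARP are not filtered by it, and it ties the address to the port,
! not to a MAC address.
```

Because the binding is static, the access list has to be updated by hand whenever a server is re-addressed or moved to another port.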