[c-nsp] Prevent "IP Spoofing" from inside of the network

Saku Ytti saku+cisco-nsp at ytti.fi
Tue May 24 09:54:14 EDT 2005


On (2005-05-24 15:39 +0200), Gyebnár Krisztián wrote:

> unfortunately supported only in 3750 & 3560 with EMI :-(
> 
> older boxes :2980,3550, can't do this :-(((

 I believe you're trying to refer to ip source guard and/or dynamic arp 
inspection which were not mentioned in this post but earlier. Those are
supported since 12.2(25)SEB even in 3550 IP Base (formerly known as SMI).
 Ingress ACL on the other hand is supported even by 2950.

> krisztián
> 
> ----- Original Message ----- 
> From: "Saku Ytti" <saku+cisco-nsp at ytti.fi>
> To: <cisco-nsp at puck.nether.net>
> Sent: Tuesday, May 24, 2005 2:02 PM
> Subject: Re: [c-nsp] Prevent "IP Spoofing" from inside of the network
> 
> 
> > On (2005-05-24 13:55 +0200), ricardo.jantarada at bnpparibas.com wrote:
> >
> >> Ok, but we have a few number of divices that can't be in DHCP. I'm 
> >> talking
> >> about servers in there own Vlan.
> >> The fact is that i would like to check the IP address of every "non-DHCP"
> >> divice before having them connected to this Vlan...
> >
> > Do you trust these ports running DHCP now to run DHCP and not static IP
> > address tomorrow? I'd protect each and every port.
> >
> >> I know that switches don't deal with IP addresses but i hope there is a 
> >> way
> >> to do so.
> >
> > Yes, access-list, ip source guard basicly is just access-list triggered
> > by DHCP, nothing stops you doing those access-lists manually.
> >
> > -- 
> >  ++ytti
> > _______________________________________________
> > cisco-nsp mailing list  cisco-nsp at puck.nether.net
> > https://puck.nether.net/mailman/listinfo/cisco-nsp
> > archive at http://puck.nether.net/pipermail/cisco-nsp/
> > 
> 
> _______________________________________________
> cisco-nsp mailing list  cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
> 

-- 
  ++ytti


More information about the cisco-nsp mailing list