[c-nsp] Disable ARP - dot1x?
David Barak
thegameiam at yahoo.com
Fri Aug 25 10:24:37 EDT 2006
--- "Alex A. Pavlenko" <lex at sandy.ru> wrote:
> Thanks, you've revealed to me a very interesting technique. However, it
> is linked to DHCP, which is not used in our network. The main goal is to
> increase security - to forbid customers from stealing IP addresses.
> Obviously, it can be achieved by setting static ARP cache entries on the
> router and disabling ARP learning on the subinterface. Without the second
> step, a customer can take an unused IP address which is not statically
> placed into the ARP cache. However, it is still incomprehensible how to
> disable ARP :( The only workaround I see is to attach an inbound
> access-list where all legitimate addresses are listed, but it requires
> a lot of hand work and consumes router resources :(
> So I'll appreciate any further ideas, if any.
> Thanks
>
Have you considered implementing dot1x on the switch?
Not a cure-all, but it might provide what you're
looking for.
-David
David Barak
Need Geek Rock? Try The Franchise:
http://www.listentothefranchise.com
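
Added example, not part of the original thread and not code from either poster: a small generator for the workaround described in the quoted message (static ARP entries plus an inbound access-list of legitimate addresses), so the "hand work" is done from one inventory. The subnet, interface name, ACL name and inventory below are constructed assumptions; the emitted lines use the standard IOS `arp ... arpa`, `ip access-list extended` and `ip access-group ... in` commands.

```python
import ipaddress
import re

# Constructed sample inventory (documentation addresses, made-up MACs).
SAMPLE = [("192.0.2.11", "0011.2233.4466"), ("192.0.2.10", "00:11:22:33:44:55")]

def ios_mac(mac):
    """Normalize aa:bb:.., aa-bb-.. or aabb.ccdd.eeff to IOS dotted form."""
    digits = re.sub(r"[.:\-]", "", mac.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"bad MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in range(0, 12, 4))

def build_config(inventory, subnet, interface, acl_name):
    """Return IOS config lines: one static ARP entry and one ACL permit per
    assigned address, with every other source address denied and logged."""
    net = ipaddress.ip_network(subnet)
    seen, hosts = set(), []
    for ip_text, mac_text in inventory:
        ip = ipaddress.ip_address(ip_text)
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            raise ValueError(f"{ip} is not a usable host in {net}")
        if ip in seen:
            raise ValueError(f"duplicate IP in inventory: {ip}")
        seen.add(ip)
        hosts.append((ip, ios_mac(mac_text)))
    hosts.sort()
    # Static entries pin each assigned IP to the customer's MAC on the router.
    lines = [f"arp {ip} {mac} arpa" for ip, mac in hosts]
    # The ACL drops traffic sourced from addresses that were never assigned.
    # It matches on source IP only; it does not check the sender's MAC.
    lines.append(f"ip access-list extended {acl_name}")
    lines += [f" permit ip host {ip} any" for ip, _ in hosts]
    lines.append(" deny ip any any log")
    lines += [f"interface {interface}", f" ip access-group {acl_name} in"]
    return lines

if __name__ == "__main__":
    # Interface and ACL names are hypothetical.
    print("\n".join(build_config(SAMPLE, "192.0.2.0/24",
                                 "FastEthernet0/0.100", "CUSTOMERS-IN")))
```

Regenerating the whole block from the inventory on every change keeps the ARP table and the ACL in step with each other.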