[c-nsp] preventing unwanted devices on the network

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Sat May 31 17:43:58 EDT 2008


Hi,

> Also I would like to prevent unwanted static ip addresses on this
> network as well.  My current setup is a 3560 switch which has multiple
> 2960 switches connected to it.  I would like to prevent this type of
> traffic right at the edge ports.  Would an access list be the
> appropriate way to protect this?  Unfortunately port security will not
> work for us.

you'll probably want the IP source guard functionality. this means
the device will only touch IP addresses that are known via its 
IP to MAC binding table generated via DHCP (DHCP snooping drives
the show)

really its all part of the 'Turn It On' program.

http://www.cisco.com/web/strategy/docs/gov/turniton_cisf.pdf

alan


More information about the cisco-nsp mailing list