[c-nsp] preventing unwanted devices on the network

Dan Letkeman danletkeman at gmail.com
Sat May 31 23:14:32 EDT 2008


Thanks for this info.  I will look into this some more, but I think
there should be some stuff here that should help me.



On Sat, May 31, 2008 at 4:43 PM,  <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> Also I would like to prevent unwanted static ip addresses on this
>> network as well.  My current setup is a 3560 switch which has multiple
>> 2960 switches connected to it.  I would like to prevent this type of
>> traffic right at the edge ports.  Would an access list be the
>> appropriate way to protect this?  Unfortunately port security will not
>> work for us.
>
> you'll probably want the IP source guard functionality. this means
> the device will only touch IP addresses that are known via its
> IP to MAC binding table generated via DHCP (DHCP snooping drives
> the show)
>
> really its all part of the 'Turn It On' program.
>
> http://www.cisco.com/web/strategy/docs/gov/turniton_cisf.pdf
>
> alan
>


More information about the cisco-nsp mailing list