[c-nsp] preventing unwanted devices on the network
Dan Letkeman
danletkeman at gmail.com
Sat May 31 23:14:32 EDT 2008
Thanks for this info. I will look into this some more, but I think
there should be some stuff here that should help me.
On Sat, May 31, 2008 at 4:43 PM, <A.L.M.Buxey at lboro.ac.uk> wrote:
> Hi,
>
>> Also I would like to prevent unwanted static ip addresses on this
>> network as well. My current setup is a 3560 switch which has multiple
>> 2960 switches connected to it. I would like to prevent this type of
>> traffic right at the edge ports. Would an access list be the
>> appropriate way to protect this? Unfortunately port security will not
>> work for us.
>
> you'll probably want the IP source guard functionality. this means
> the device will only touch IP addresses that are known via its
> IP to MAC binding table generated via DHCP (DHCP snooping drives
> the show)
>
> really its all part of the 'Turn It On' program.
>
> http://www.cisco.com/web/strategy/docs/gov/turniton_cisf.pdf
>
> alan
>
More information about the cisco-nsp
mailing list