[c-nsp] Blocking arp / DAI
Casper Gondelach
cgondelach at unet.nl
Fri Jun 20 09:39:02 EDT 2014
Mike,
Are you looking for ip source guard?
http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3560/software/release/12-2_52_se/configuration/guide/3560scg/swdhcp82.html
This uses the binding database to block everything except the
database. We use this to prevent static ip's / address stealing.
Gr,
Casper
2014-06-20 15:13 GMT+02:00 Mike <mike-cisconsplist at tiedyenetworks.com>:
> Hi,
>
> I have 3560G switches configured for dhcp snooping, and I can see that
> the switches have a database of dhcp bindings per interface. I am wondering
> if there might be some way to configure the switch to block all traffic (arp
> for example) for addresses not in the binding database? eg: Can I prevent
> the switch from forwarding ARP for addresses that are not in the binding
> database?
>
> Mike-
> _______________________________________________
> cisco-nsp mailing list cisco-nsp at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/
More information about the cisco-nsp
mailing list