[c-nsp] [j-nsp] How to protect the firewall

Saku Ytti saku at ytti.fi
Thu Feb 9 08:47:26 EST 2017


On 9 February 2017 at 15:11, james list <jameslist72 at gmail.com> wrote:

Hey,

> My question: is there a way to protect the firewall IP addressing from
> other machines in LAN which could send gratuitous ARP with these addresses?
>
> The IP addressing is static, no DHCP assignment on the server.

You can use DAI (Dynamic ARP Inspection) and IPSG (IP Source Guard).
But instead of DHCP, you create manual IPSG bindings.

-- 
  ++ytti
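
The following is an added example, not part of the original post and not vendor configuration: a simplified Python model of the check a switch applies to ARP on untrusted ports once manual bindings exist. The binding table, port names, VLAN, addresses and the per-port match are constructed assumptions for illustration.

```python
import struct
from ipaddress import IPv4Address

# Constructed static bindings: (vlan, sender IP) -> (MAC, switch port).
BINDINGS = {
    (10, IPv4Address("192.0.2.1")): ("00:00:5e:00:53:01", "Gi1/0/1"),   # firewall
    (10, IPv4Address("192.0.2.20")): ("00:00:5e:00:53:20", "Gi1/0/5"),  # server
}
TRUSTED_PORTS = {"Gi1/0/48"}  # assumed uplink; ARP is not inspected there


def mac_bytes(text):
    return bytes.fromhex(text.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(op, sha, spa, tha, tpa):
    """Build an Ethernet II + ARP frame; used only to construct sample input."""
    dst = b"\xff" * 6 if op == 1 else mac_bytes(tha)
    eth = dst + mac_bytes(sha) + b"\x08\x06"
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sha) + IPv4Address(spa).packed
    arp += mac_bytes(tha) + IPv4Address(tpa).packed
    return eth + arp


def inspect_arp(frame, vlan, port):
    """Return (permit, reason) for an ARP frame received on port/vlan."""
    if port in TRUSTED_PORTS:
        return True, "trusted port"
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return False, "not a well-formed ARP frame"
    htype, ptype, hlen, plen, _op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return False, "unsupported ARP format"
    sha, spa = mac_str(frame[22:28]), IPv4Address(frame[28:32])
    # Extra consistency check, modelled here as always enabled.
    if mac_str(frame[6:12]) != sha:
        return False, "Ethernet source MAC differs from ARP sender MAC"
    binding = BINDINGS.get((vlan, spa))
    if binding is None:
        return False, f"no binding for {spa}"
    if binding != (sha, port):
        return False, f"{spa} is bound to {binding[0]} on {binding[1]}"
    return True, "matches static binding"
```

A gratuitous ARP for the firewall address is permitted only when it carries the bound MAC and arrives on the bound port; with no DHCP in use, every legitimate static host needs its own entry or its ARP is dropped too.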

