[c-nsp] [j-nsp] How to protect the firewall
Saku Ytti
saku at ytti.fi
Thu Feb 9 08:47:26 EST 2017
On 9 February 2017 at 15:11, james list <jameslist72 at gmail.com> wrote:
Hey,
> My question: is there a way to protect the firewall ip addressing from
> other machines in lan which could send gratuitous arp with these addresses ?
>
> The ip addressing is static, no dhcp assignment on the server.
You can use DAI (Dynamic ARP Inspection) and IPSG (IP Source Guard).
But instead of DHCP, you create manual IPSG bindings.
--
++ytti
More information about the cisco-nsp
mailing list