Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations TouchToneTommy on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Stealing IP Address using Static IP

Status
Not open for further replies.
Edward999

Edward999

Programmer
Dec 26, 2002
112
MY

Hi i got problem with steling IP address using static ip.

I have a core switch 3550 connected to two 5324 Dell switch.
Both of the Dell switch have "trunking with 802.1q" on 3550 port.

I manage to get Ip address from DHCP when i connected to dell switch.

Everthing working fine except IP address from DHCP.

Actually i have assign an 20 ip address example 10.0.2.1 to 10.0.2.20 to a particular vlan but i still can use a static ip example 10.0.2.21 or 10.0.2.22.

So how to prevent my user from using ip address out of the range allocation from DHCP server?

I try to use access-list but it not working.

please help...thanks for any reply







 
Sort by date Sort by votes
Using access lists should work in my opinion. You could also use the feature port-security...
If you got problems with the config of the access-list you could post it to the forum.
bye,
busche
 
Upvote 0 Downvote

HI Thanks for your reply. I'm using access-list now but i got some problem with access-list.

access-list 101 permit udp any any eq 67
access-list 101 permit udp any any eq 68
access-list 101 deny ip 10.0.0.0 0.255.255.255 10.0.0.0 0.255.255.255
access-list 101 permit ip 10.0.3.0 0.0.0.127 any

Can i know whether above access-list working or not?. Actually i'm trying to deny certain ip address because i have a lots of vlan with different different subnet and i have to blok the traffic between different vlan.

At the same time i have to allow certain range of vlan to access internet. I manage to get ip address from DHCP server with opening port 67 and 68.

please help....thanks for any reply





 
Upvote 0 Downvote
you need to do a VACL

that way you can filter them from any port they're on (if the ports are in switchport mode)
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

B
  • Locked
  • Question
Cisco IP phone 7841 8851 unable to forward all to external number
Replies
0
Views
244
badwolf1686
B
jobsp90
  • Locked
  • Question
I have a issue in my office hospital network regarding using IPPBX software.
Replies
2
Views
291
DavetheChef
DavetheChef
Collab_Guy
  • Locked
  • Question
Anyone using automation with their CUCM?
Replies
1
Views
328
kyle555
kyle555
Delta5
  • Locked
  • Question
Cisco setting for automatic ip arp cache refresh
Replies
3
Views
1K
iggsterman
iggsterman
NavinNet
  • Locked
  • Question
Why 2 different mac addresses of a server are being shown of CISCO 6509E Layer-3 Switch ?
Replies
0
Views
227
NavinNet
NavinNet

Part and Inventory Search

Sponsor

Back
Top