Solved

Prevent users from using locally set static IP address to connect to network

Posted on 2009-04-14
Last Modified: 2012-05-06
We are currently a Cisco house (with a SonicWall firewall) and I would like to implement something (NOT ISA SERVER) which will prevent users bringing in laptops from home and setting static IPs to connect to our network. We have had a problem in the past where a user plugged in a laptop that had the same address as our firewall, which took our network down for a while until we could trace the source. I am implementing VLANs and will also be doing port security, which will prevent this; HOWEVER, I will not be done with the segmentation project for some time. I need an interim solution which will prevent users on a FLAT network from taking up either our SWITCH IPs or FIREWALL IP. I need recommendations on something I can implement which is FREE. Thanks in advance for all of your responses.
0
Comment
Question by:mati02
6 Comments
 
LVL 6

Accepted Solution

by:
cosmicfox earned 500 total points
ID: 24139884
You can shut off unused ports and/or enable port security. Check out this article and you could try some of the solutions.

http://www.ciscopress.com/articles/article.asp?p=99029&seqNum=3
0
 

Author Comment

by:mati02
ID: 24139983
Yes, I have actually stated that in my question. The port security project is a ways away. The problem with shutting off unused ports is that all live ports will still be vulnerable. For example, if a laptop user hard-codes my switch's IP address and plugs into a live jack (unplugging Cat5 from an existing computer).
0
 
LVL 6

Assisted Solution

by:cosmicfox
cosmicfox earned 500 total points
ID: 24141430
That's where the port security comes in: you limit the port to only 1 MAC address. And you can set up the switch to learn the MAC address by sticky session. Then when someone unplugs the current computer and plugs in a laptop, the port will shut down.
0
 

Author Comment

by:mati02
ID: 24141545
Yes, understood. The port security project is a ways away. Need another option for the interim, as mentioned in the initial question. I have always known of port security but wanted another option here.
0
 
LVL 6

Assisted Solution

by:cosmicfox
cosmicfox earned 500 total points
ID: 24141993
The only other option I can think of is IP source guard, which is used to prevent traffic attacks caused when a host tries to use the IP address of its neighbor. But not sure what type of device you have; check out the 3560 guide. Usually it is used with DHCP snooping, but you can do a manual binding.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html#wp1328394
0
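The two options named in the answers above (port security with sticky MAC learning, and IP source guard with a manual binding), written out as a Catalyst IOS configuration. This is an added example, not configuration posted by anyone in the thread; the interface names, VLAN 10, the MAC address and the IP address are constructed placeholders.

```cisco
! Added example. All interface names, VLAN 10, MAC 0000.5e00.5301 and
! IP 192.0.2.10 are constructed placeholders, not values from the thread.

! --- Option 1: port security, one sticky-learned MAC per access port ---
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! A second MAC on this port err-disables it (the "port will shut down"
 ! behaviour described in the answer).
 switchport port-security violation shutdown
!
! --- Option 2: IP source guard with a manual (static) binding ---
! Source IP filtering needs DHCP snooping enabled on the access VLAN,
! even when the binding itself is entered by hand.
ip dhcp snooping
ip dhcp snooping vlan 10
!
interface GigabitEthernet0/1
 description Uplink toward the legitimate DHCP server (assumed)
 ! Without trust here, DHCP server replies arriving on this port are dropped.
 ip dhcp snooping trust
!
! Tie one IP to one MAC on one port; anything else sourced from the port
! is filtered once "ip verify source" is applied.
ip source binding 0000.5e00.5301 vlan 10 192.0.2.10 interface FastEthernet0/5
!
interface FastEthernet0/5
 ip verify source
!
! --- Verification (exec mode) ---
! show port-security interface FastEthernet0/5
! show ip source binding
! show ip verify source
! show interfaces status err-disabled
!
! --- Recover a port err-disabled by a port-security violation ---
! interface FastEthernet0/5
!  shutdown
!  no shutdown
```

A port with `ip verify source` and no matching binding (static or learned through DHCP snooping) passes no IP traffic, so enter the bindings for statically addressed hosts before enabling the filter on their ports.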
 

Author Closing Comment

by:mati02
ID: 31569976
Not completely what I was looking for.
0
