Solved

Prevent users from using locally set static IP address to connect to network

Posted on 2009-04-14
Last Modified: 2012-05-06
We are currently a Cisco house (with SonicWall firewall) and I would like to implement something (NOT ISA SERVER) which will prevent users bringing in laptops from home and setting static IPs to connect to our network. We have had a problem in the past where a user plugged in a laptop that had the same address as our firewall, which took our network down for a while until we could trace the source. I am implementing VLANs and also will be doing port security which will prevent this; HOWEVER, I will not be done with the segmentation project for some time. I need an interim solution which will prevent users on a FLAT network from taking up either our SWITCH IPs or FIREWALL IP. I need recommendations on something I can implement which is FREE. Thanks in advance for all of your responses.
Question by:mati02
LVL 6

Accepted Solution

by:
cosmicfox earned 500 total points
ID: 24139884
You can either shut off unused ports and/or enable port security. Check out this article and you could try some of the solutions.

http://www.ciscopress.com/articles/article.asp?p=99029&seqNum=3
0
 

Author Comment

by:mati02
ID: 24139983
Yes, I have actually stated that in my question. Port security project is a ways away. The problem with shutting off unused ports is that all live ports will still be vulnerable. For example, if a laptop user hard-codes my switch's IP address and plugs into a live jack (unplugging Cat5 from an existing computer).
0
 
LVL 6

Assisted Solution

by:cosmicfox
cosmicfox earned 500 total points
ID: 24141430
That's where the port security comes in: you limit the port to only 1 MAC address. And you can set up the switch to learn the MAC address by sticky session. Then when someone unplugs the current computer and plugs in a laptop, the port will shut down.
0
 

Author Comment

by:mati02
ID: 24141545
Yes, understood. Port security project is a ways away. Need another option for interim, as mentioned in initial question. I have always known of port security but wanted another option here.
0
 
LVL 6

Assisted Solution

by:cosmicfox
cosmicfox earned 500 total points
ID: 24141993
The only other option I can think of is IP Source Guard, which is used to prevent traffic attacks caused when a host tries to use the IP address of its neighbor. But I'm not sure what type of device you have; check out the 3560 guide. Usually it is used with DHCP snooping, but you can do a manual binding.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html#wp1328394
0
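The two switch features suggested in the answers above, as an added configuration example (not from the thread or from the linked Cisco guide): port security with sticky MAC learning, and IP Source Guard with a manual binding. The syntax assumes Catalyst 3560-class IOS; the interface names, VLAN 10, MAC address and IP address are constructed placeholders.

```cisco
! Added example. All interface names, VLAN 10, the MAC address and the
! IP address below are constructed placeholders.
!
! --- Port security: one MAC per access port, learned "sticky" ---
interface FastEthernet0/5
 switchport mode access
 switchport access vlan 10
 switchport port-security
 switchport port-security maximum 1
 switchport port-security mac-address sticky
 ! A second MAC on this port puts it into err-disabled state
 switchport port-security violation shutdown
!
! --- IP Source Guard with a manual (static) binding ---
! Source IP filtering relies on DHCP snooping being enabled on the access VLAN
ip dhcp snooping
ip dhcp snooping vlan 10
!
! Trust only the port facing the legitimate DHCP server / uplink;
! DHCP server replies arriving on untrusted ports are dropped
interface GigabitEthernet0/1
 ip dhcp snooping trust
!
! Static binding for a host that does not use DHCP: MAC, VLAN, IP, port
ip source binding 0011.2233.4455 vlan 10 192.0.2.25 interface FastEthernet0/5
!
! Enable the filter on the port. IP traffic from any source address that has
! no binding on this port (for example a hand-set copy of the firewall's IP)
! is dropped, so create the binding BEFORE enabling the filter.
interface FastEthernet0/5
 ip verify source
!
! --- Verification (privileged EXEC) ---
! show port-security interface FastEthernet0/5
! show ip source binding
! show ip verify source
! show interfaces status err-disabled
```

Both features are enforced per port, so on a flat network an address is only protected against hosts plugged into ports where the filter is enabled.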
 

Author Closing Comment

by:mati02
ID: 31569976
Not completely what I was looking for.
0
