Solved

Prevent users from using locally set static IP address to connect to network

Posted on 2009-04-14
6
348 Views
Last Modified: 2012-05-06
We are currently a cisco house (with sonicwall firewall) and I would like to implement somthing (NOT ISA SERVER) which will prevent users bringing in laptops from home and setting static ip's to connect to our network. We have had a problem in the past where a user plugged in a laptop that had the same address as our firewall which took our network down for a while until we could trace source. I am implementing VLAN's and also will be doing port security which will prevent this, HOWEVER, i will not be done with segmentation project for some time. I need an interim solution which will prevent users on a FLAT network from taking up either our SWITCH ip's or FIREWALL ip. I need recommendations on something i can implement which is FREE. Thanks in advance for all of your responses.
0
Comment
Question by:mati02
  • 3
  • 3
6 Comments
 
LVL 6

Accepted Solution

by:
cosmicfox earned 500 total points
ID: 24139884
You can either shut off unused ports, and or enable Port security. Check out this article and you could try some of the solutions.

http://www.ciscopress.com/articles/article.asp?p=99029&seqNum=3
0
 

Author Comment

by:mati02
ID: 24139983
yes, i have actually stated that in my question. Port security project is a ways away. The problem with shutting off unused ports is that all live ports will still be vulnerable. For example, if a laptop user hard-codes my switch's IP address and plugs into a live jack. (unplugging cat5 from an existing computer).
0
 
LVL 6

Assisted Solution

by:cosmicfox
cosmicfox earned 500 total points
ID: 24141430
Thats where the port security comes in, you limit the port to only 1 mac address. And you can setup the switch to learn the mac address by sticky session. then when someone unplugs the current computer and plugs in a laptop the port will shut down.
0
Free learning courses: Active Directory Deep Dive

Get a firm grasp on your IT environment when you learn Active Directory best practices with Veeam! Watch all, or choose any amount, of this three-part webinar series to improve your skills. From the basics to virtualization and backup, we got you covered.

 

Author Comment

by:mati02
ID: 24141545
yes, understood. Port security project is a ways away. Need another option for interim, as mentioned in initial question. I have always known of port security but wanted another option here.
0
 
LVL 6

Assisted Solution

by:cosmicfox
cosmicfox earned 500 total points
ID: 24141993
The only other options i can think of is IP source guard which is used prevent traffic attacks caused when a host tries to use the IP address of its neighbor. But not sure what type of device you have check out the 3560 guide. usually it is used with dhcp snooping, but you can do a manually binding.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html#wp1328394
0
 

Author Closing Comment

by:mati02
ID: 31569976
not completely what i was looking for.
0

Featured Post

VMware Disaster Recovery and Data Protection

In this expert guide, you’ll learn about the components of a Modern Data Center. You will use cases for the value-added capabilities of Veeam®, including combining backup and replication for VMware disaster recovery and using replication for data center migration.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

We recently endured a series of broadcast storms that caused our ISP to shut us down for brief periods of time. After going through a multitude of tests, we determined that the issue was related to Intel NIC drivers on some new HP desktop computers …
Is your computer hacked? learn how to detect and delete malware in your PC
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
This video gives you a great overview about bandwidth monitoring with SNMP and WMI with our network monitoring solution PRTG Network Monitor (https://www.paessler.com/prtg). If you're looking for how to monitor bandwidth using netflow or packet s…

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question