• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 356
  • Last Modified:

Prevent users from using locally set static IP address to connect to network

We are currently a cisco house (with sonicwall firewall) and I would like to implement somthing (NOT ISA SERVER) which will prevent users bringing in laptops from home and setting static ip's to connect to our network. We have had a problem in the past where a user plugged in a laptop that had the same address as our firewall which took our network down for a while until we could trace source. I am implementing VLAN's and also will be doing port security which will prevent this, HOWEVER, i will not be done with segmentation project for some time. I need an interim solution which will prevent users on a FLAT network from taking up either our SWITCH ip's or FIREWALL ip. I need recommendations on something i can implement which is FREE. Thanks in advance for all of your responses.
0
mati02
Asked:
mati02
  • 3
  • 3
3 Solutions
 
cosmicfoxCommented:
You can either shut off unused ports, and or enable Port security. Check out this article and you could try some of the solutions.

http://www.ciscopress.com/articles/article.asp?p=99029&seqNum=3
0
 
mati02Author Commented:
yes, i have actually stated that in my question. Port security project is a ways away. The problem with shutting off unused ports is that all live ports will still be vulnerable. For example, if a laptop user hard-codes my switch's IP address and plugs into a live jack. (unplugging cat5 from an existing computer).
0
 
cosmicfoxCommented:
Thats where the port security comes in, you limit the port to only 1 mac address. And you can setup the switch to learn the mac address by sticky session. then when someone unplugs the current computer and plugs in a laptop the port will shut down.
0
A Cyber Security RX to Protect Your Organization

Join us on December 13th for a webinar to learn how medical providers can defend against malware with a cyber security "Rx" that supports a healthy technology adoption plan for every healthcare organization.

 
mati02Author Commented:
yes, understood. Port security project is a ways away. Need another option for interim, as mentioned in initial question. I have always known of port security but wanted another option here.
0
 
cosmicfoxCommented:
The only other options i can think of is IP source guard which is used prevent traffic attacks caused when a host tries to use the IP address of its neighbor. But not sure what type of device you have check out the 3560 guide. usually it is used with dhcp snooping, but you can do a manually binding.


http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_50_se/configuration/guide/swdhcp82.html#wp1328394
0
 
mati02Author Commented:
not completely what i was looking for.
0

Featured Post

Automating Your MSP Business

The road to profitability.
Delivering superior services is key to ensuring customer satisfaction and the consequent long-term relationships that enable MSPs to lock in predictable, recurring revenue. What's the best way to deliver superior service? One word: automation.

  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now