Anestis Psomas
asked on
Cisco and DHCP Pool Binding
Hello,
I have set up in my Cisco 6500 switch a VLAN interface with a public subnet. I have created for this VLAN a DHCP pool with this public subnet, and I also created bindings for a MAC pool with specific IPs.
This subnet will be given to virtual machines automatically by DHCP, according to the MAC address of each VM. Is there a way, if a user tries to change the IP of the VM to a static one, to block all access to this virtual machine?
Thanks
Can you just restrict the user from being able to change the IP? Otherwise, just create an ACL that would only allow traffic to/from the IP addresses you have bound. Anything outside of that range would be denied.
ASKER
Unfortunately I can't restrict the user inside the virtual machine because it is not in a domain.
As for the ACL, it won't do the job for me because I have a big VLAN with public IPs, so if the client changes to the next IP then he will have access anywhere again.
The only solution is if I can somehow bind MAC address and IP, and if it changes IP then drop the connection.
Thanks
What type of VMs are these? Are they using local accounts on the VMs? If so, can't you give them reduced privileges?
ASKER
These VMs are Windows 2012 and the users will have local admin accounts, so full privileges. That's why I must do it in the networking layer.
Route maps are what you need to configure.
You can match MAC addresses to IP addresses in a route map sequence.