Cisco and DHCP Pool Binding

Hello,

I have set up a VLAN interface with a public subnet on my Cisco 6500 switch. I have created a DHCP pool for this VLAN with this public subnet, and I also created bindings for a MAC pool with specific IPs.

This subnet will be given to virtual machines automatically by DHCP, according to the MAC address of each VM. Is there a way, if a user tries to change the IP of the VM to a static one, to block all access to this virtual machine?

Anestis Psomas, System and Network Administrator, Asked:
Soulja53 6F 75 6C 6A 61 Commented:
Can you just restrict the user from being able to change the IP? Otherwise, just create an ACL that would only allow traffic to/from the IP addresses you have bound. Anything outside of that range would be denied.
Anestis Psomas, System and Network Administrator, Author Commented:
Unfortunately I can't restrict the user inside the virtual machine because it is not in a domain.

As for the ACL, it won't do the job for me because I have a big VLAN with public IPs, so if the client changes to the next IP then he will have access anywhere again.

The only solution is if I can somehow bind MAC address and IP, and if it changes IP then drop the connection.

Soulja53 6F 75 6C 6A 61 Commented:
What type of VMs are these? Are they using local accounts on the VMs? If so, can't you give them reduced privileges?
Anestis Psomas, System and Network Administrator, Author Commented:
These VMs are Windows 2012 and the users will have local admin accounts, so full privileges. That's why I must do it in the networking layer.
Akinsd, Network Administrator, Commented:
Route maps are what you need to configure.

You can match MAC addresses to IP addresses in a route map sequence.
If you are the gateway, you can also statically set the ARP for the IP to the MAC address that you want, so that you will never learn a different MAC address other than that.

Something like:

 arp <ip-address> ffff.aaaa.bbbb arpa
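
A check that goes with the MAC-to-IP binding discussed in this thread, as an added example that is not part of any post above: it compares the gateway's ARP table with the intended bindings and reports VMs that have left their bound address. The addresses, the VLAN name and the `show ip arp` sample are constructed, and the usual IOS column layout for that command is assumed.

```python
import re

# Constructed sample: the intended MAC -> IP bindings (any common MAC notation).
BINDINGS = {
    "0050.56aa.0001": "203.0.113.10",
    "00:50:56:AA:00:02": "203.0.113.11",
}

# Constructed sample of `show ip arp` output from the VLAN gateway.
SHOW_IP_ARP = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  203.0.113.1             -   0011.2233.4401  ARPA   Vlan100
Internet  203.0.113.10            3   0050.56aa.0001  ARPA   Vlan100
Internet  203.0.113.57            0   0050.56aa.0002  ARPA   Vlan100
Internet  203.0.113.11            1   0050.56aa.0099  ARPA   Vlan100
"""

ARP_LINE = re.compile(
    r"^Internet\s+(\d+(?:\.\d+){3})\s+(\S+)\s+((?:[0-9a-f]{4}\.){2}[0-9a-f]{4})\s+ARPA",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Return a MAC in Cisco dotted form (xxxx.xxxx.xxxx), lower case."""
    digits = re.sub(r"[^0-9a-f]", "", mac.lower())
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))

def parse_arp(text):
    """Yield (ip, mac) for dynamically learned entries; Age '-' rows
    (the switch's own addresses and static entries) are skipped."""
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m and m.group(2) != "-":
            yield m.group(1), normalize_mac(m.group(3))

def audit(bindings, arp_text):
    """Return (reason, ip, mac) for every ARP entry that breaks a binding."""
    by_mac = {normalize_mac(mac): ip for mac, ip in bindings.items()}
    bound_ips = set(by_mac.values())
    findings = []
    for ip, mac in parse_arp(arp_text):
        if mac in by_mac and by_mac[mac] != ip:
            findings.append(("mac_moved", ip, mac))   # VM left its bound IP
        elif mac not in by_mac and ip in bound_ips:
            findings.append(("ip_taken", ip, mac))    # bound IP used by another MAC
    return findings

if __name__ == "__main__":
    for finding in audit(BINDINGS, SHOW_IP_ARP):
        print(*finding)
```
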
