MAC and IP address binding

How I can create binding between MAC and IP address in catalyast 4500 series to prevent any MAC address to work except specific ip

Reply to
alsharafi24
Loading thread data ...

If you're wanting to implement an allow-only configuration to block network access for unauthorized devices, the best way to do this would be via VLAN membership using the MAC Addresses of the pc's. Configure all of your "allowed" pc's and network devices to one VLAN and unknown devices to belong to a separate VLAN. That way they can only see the other unauthorized pc's, not the production network. We've done a lot of testing here with 802.1x over fast ethernet but found that it was not a good solution for most offices. There are many pitfalls that cannot be overcome.

Reply to
GusttyWinds

You can also use port security.

Here's a link.

formatting link

Reply to
genki

Port security works too, but my gripe with that one is that once you use it you can't move a pc from one port to another. That pc is now stuck to that port and only that pc can use that port. If you implement VLAN's and use one of the switches as the VTP server, the pc's can move from port to port but still get the same level of security.

Reply to
GusttyWinds

Port security works too, but my gripe with that one is that once you use it you can't move a pc from one port to another. That pc is now stuck to that port and only that pc can use that port. If you implement VLAN's and use one of the switches as the VTP server, the pc's can move from port to port but still get the same level of security.

Reply to
GusttyWinds

Hey GusttyWinds, do you use private vlans at all, if so what are your opinions on their usage.

And can I ask what kind of issue you ran into with 802.1x.

Just interested for future reference.

Thanks !

Reply to
genki

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.