Please take a look at this image right here.
In the image above you can see a virtual network simulation program (CISCO Packet Tracer 6.0) where I’m trying to set up a network and secure it.
However I’ve come to the point where I want to use Access Control Lists in combination with DHCP. However, I haven’t managed to find a way to bind certain MAC addresses to specific IP addresses (If anyone would know how to do this in this program… please let me know).
So I figured out that that might bring me future problems, where a lease would be released and a new IP is handed out. When a computer then tries to access certain parts of the network, the ACL might block them… Would anyone be able to hand me some information on how to deal with this so that if I connected an “attacker” computer to this network, it gets blocked, but when a computer in the network receives a new IP address, it doesn’t block it?
You might be thinking: Use port-security…
However, for me to understand ACLs better I would like to find a way to use it in this network. Thank you in advance!
Dempsey
Answer
> However, I haven’t managed to find a way to bind certain MAC addresses
> to specific IP addresses (If anyone would know how to do this in this
> program… please let me know).
Yes, you can do that. Suppose you want client Gnouc, with MAC address xxxx.yyyy.zzzz, to have IP 192.168.1.100; then you do this on the router:

    ! Manual (static) DHCP binding: one pool per reserved client
    ip dhcp pool Gnouc
     host 192.168.1.100
     hardware-address xxxx.yyyy.zzzz ieee802
     client-name Gnouc

Try it and give feedback.
> Would anyone be able to hand me some information on how to deal with
> this so that if I connected an “attacker” computer to this network, it
> gets blocked. But when a computer in the network receives a new IP
> address, it doesn’t block it?
I think an ACL cannot do that; you must use a MAC access-list.
Attribution
Source : Link , Question Author : Dempsey FoxDie Van Assche , Answer Author : cuonglm
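
How a DHCP reservation and an ACL fit together, as an added example that is not part of the original question or answer: the reserved client keeps 192.168.1.100 across lease renewals, so the ACL entry for that host keeps matching, while addresses handed out from the dynamic pool are denied access to a protected subnet. The protected subnet 192.168.2.0/24, the gateway 192.168.1.1, the pool and ACL names and the interface GigabitEthernet0/0 are assumptions, and the config assumes the device accepts the `host` and `hardware-address` pool commands shown in the answer.

```cisco
! --- Constructed example values; adapt to the real topology ---
!
! Keep the gateway and the reserved range out of the dynamic pool,
! so an unknown client can never be leased a "trusted" address.
ip dhcp excluded-address 192.168.1.1 192.168.1.110
!
! Dynamic pool for every client without a reservation
ip dhcp pool LAN-DYNAMIC
 network 192.168.1.0 255.255.255.0
 default-router 192.168.1.1
!
! Reservation from the answer: this MAC always receives 192.168.1.100
ip dhcp pool Gnouc
 host 192.168.1.100 255.255.255.0
 hardware-address xxxx.yyyy.zzzz ieee802
 client-name Gnouc
 default-router 192.168.1.1
!
ip access-list extended PROTECT-SERVERS
 ! Let DHCP requests through, otherwise clients cannot obtain or renew a lease
 permit udp any eq bootpc any eq bootps
 ! Only the reserved address may reach the protected subnet
 permit ip host 192.168.1.100 192.168.2.0 0.0.0.255
 ! Every other LAN address, including all dynamic leases, is blocked from it
 deny ip 192.168.1.0 0.0.0.255 192.168.2.0 0.0.0.255
 ! Remaining LAN traffic is unaffected
 permit ip 192.168.1.0 0.0.0.255 any
!
! Apply inbound on the router interface facing the client LAN
interface GigabitEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 ip access-group PROTECT-SERVERS in
```

The ACL matches on source IP only, so it does not tie the address to a particular device; that binding is what the MAC-based filtering mentioned in the answer, or port-security, adds.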