Access layer switch port security situation, does not support do how deployment strategy to prevent the client modify IP access network? Access layer switch is Oring IGS - 3032 gc, distribution layer and convergence layer switches are cisco, pass the DHCP client get IP
CodePudding user response:
Cisco should also support the arp binding,
CodePudding user response:
reference 1st floor Iforgetmyid response: cisco should also support the arp binding, client pick up under the Oring, can't do the arp in the distribution layer CodePudding user response:
Done before a period of network management, finally adopted in switch or firewall MAC and IP binding, if you don't match binding and network equipment, so the computer can't get to the Internet, this method is to use, the disadvantage is that according to the condition of topology, computer and computer communications shall not be affected at local scope, if the access layer switches support binding, you can completely, CodePudding user response:
reference weixin_40290083 reply: 3/f do network management for a period of time, before eventually adopted in switch or firewall MAC and IP binding, if binding and network equipment do not match, so the computer can't get to the Internet, this method is to use, the disadvantage is that according to the condition of topology, computer and computer communications shall not be affected at local scope, if the access layer switches support binding, you can completely limit, I didn't do it a firewall, a little curious about how to get to the client firewall of MAC, packets after middleware MAC are changed CodePudding user response:
refer to the second floor of mushrooms meow meow response: Quote: refer to 1st floor Iforgetmyid response: cisco should also support the arp binding, client pick up under the Oring, can't do at the distribution layer arp Your gateway on convergence switch 3, he can't surf the Internet at least three, if you want to reach the purpose of you completely, only in access layer switches, CodePudding user response:
Very good method, support CodePudding user response:
To learn, is very interested in this aspect, CodePudding user response:
I was thinking, want to ask if there is no other way to is I don't know the CodePudding user response:
reference 5 floor Iforgetmyid reply: Quote: refer to the second floor mushroom meow meow response: Quote: refer to 1st floor Iforgetmyid response: cisco should also support the arp binding, client pick up under the Oring, can't do at the distribution layer arp Your gateway on convergence switch 3, he can't surf the Internet at least three, if you want to reach the purpose of you completely, only in access layer switches, I was thinking, just want to ask is there any way I don't know what is CodePudding user response:
You embarrassed, questions in distribution and gathering a concept, should be distributed and core CodePudding user response:
DHCP snooping + + IPSG DAI