How to avoid a server from using an unauthorized IP?

Tags:
ACL Manager
Cisco
IP
Linksys
Switches
VLAN
I don't know for sure how to ask for it, so I'll explain it to you first:

- I currently have a Linksys SRW224G4 switch, in which I have connected 10 servers.
- From those, 9 servers are ours, and the other one is from one of our clients.
- We have 27 IP addresses available; and only 12 currently being used (plus, the gateway), a total of 30.

What I need to do is that my client's server, CANNOT use an IP address, different from the one I've assigned to him.

One of my friends, told me that this could be done by assigning a VLAN to the server's port, and use netmasks to block the traffic; but my Switch doesn't let me do anything to the VLAN's other than adding or removing ports to it, it has no networking setup and I don't have a console access other than the extremely basic telnet/ssh menu and the WebView. Also, I have no access to the Gateway (it's controlled by my provider), and I haven't installed a Router yet.

Is it possible to do this with just the Switch? (eg. with ACL's or something like that)
Or I'll need to get a Cisco Router to do the VLAN's IP address control?

Software/Hardware used:
Linksys SRW224G4 Switch

Answer Wiki


You can do this using ACLs. Set an outgoing ACL on the server’s interface.

The commands below should work for you if you put in the correct server IP address and interface. This will allow only that IP address to send outgoing packets using the interface:

! Extended ACL: permit only the server's address as source, to any destination
access-list 100 permit ip 192.168.100.1 0.0.0.0 any
interface 0/1
ip access-group 100 out

This is assuming the Linksys switch can be programmed like a Cisco switch. They are the same company after all…
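
An added illustration, not part of the original answer and not Linksys or Cisco code: a small Python model of how an ACL entry with wildcard mask 0.0.0.0 and the implicit deny at the end of the list behave when the ACL is bound to one port versus applied to the whole switch. The address 192.168.100.7, the port 0/2 and the switch-wide mode are constructed assumptions.

```python
import ipaddress

def wildcard_match(addr, base, wildcard):
    """Cisco-style wildcard: bits set in the mask are ignored when comparing."""
    care = ~int(ipaddress.IPv4Address(wildcard)) & 0xFFFFFFFF
    a = int(ipaddress.IPv4Address(addr))
    b = int(ipaddress.IPv4Address(base))
    return (a & care) == (b & care)

def evaluate(acl, src_ip):
    """First matching entry wins; anything unmatched hits the implicit deny."""
    for action, base, wildcard in acl:
        if wildcard_match(src_ip, base, wildcard):
            return action
    return "deny"

# The answer's single entry: source 192.168.100.1, wildcard 0.0.0.0 (exact host).
CLIENT_ACL = [("permit", "192.168.100.1", "0.0.0.0")]
CLIENT_PORT = "0/1"  # interface named in the answer

def filter_packet(port, src_ip, per_port=True):
    """Decide whether a packet sent by the host on `port` is forwarded.

    per_port=True  : the ACL is bound to the client's interface only.
    per_port=False : the ACL applies to every port (assumed model of an
                     ACL panel that cannot target a single port).
    """
    if per_port and port != CLIENT_PORT:
        return "permit"  # no ACL on this interface
    return evaluate(CLIENT_ACL, src_ip)

# Constructed sample traffic: (port the sender is plugged into, source IP used).
SAMPLES = [
    ("0/1", "192.168.100.1"),  # client using its assigned address
    ("0/1", "192.168.100.7"),  # client trying a different address
    ("0/2", "192.168.100.7"),  # one of the operator's own servers
]

def run(per_port):
    return [filter_packet(port, ip, per_port) for port, ip in SAMPLES]

if __name__ == "__main__":
    print("per-port ACL:   ", run(True))
    print("switch-wide ACL:", run(False))
```

With the ACL bound to the client's port only, the other servers are unaffected; applied switch-wide, the same single permit entry drops every other server's traffic through the implicit deny.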

Discuss This Question: 3  Replies

 
  • Kuteninja
    (Sorry about the html tags, I've copypasted from another site, this is the question:) I don't know for sure how to ask for it, so I'll explain it to you first: - I currently have a Linksys SRW224G4 switch, in which I have connected 10 servers. - From those, 9 servers are ours, and the other one is from one of our clients. - We have 27 IP addresses available; and only 12 currently being used (plus, the gateway), a total of 30. What I need to do is that my client's server, CANNOT use an IP address, different from the one I've assigned to him. One of my friends, told me that this could be done by assigning a VLAN to the server's port, and use netmasks to block the traffic; but my Switch doesn't let me do anything to the VLAN's other than adding or removing ports to it, it has no networking setup and I don't have a console access other than the extremely basic telnet/ssh menu and the WebView. Also, I have no access to the Gateway (it's controlled by my provider), and I haven't installed a Router yet. Is it possible to do this with just the Switch? (eg. with ACL's or something like that) Or I'll need to get a Cisco Router to do the VLAN's IP address control?
  • Kuteninja
    The Linksys switch doesn't come with a server console, but it does have a crappy WebView panel (which only works almost decently on IE). Let me try it, and I'll come back.
  • Kuteninja
    WebView does have an ACL panel, with "IP based ACL" and "MAC based ACL", but it doesn't let me specify the ACL to just one port of the switch, so if I do that, I won't be able to use that IP on any other server unless I remove the ACL block. The MAC based ACL lets me do that with a VLAN ID, but it's kinda easy to hide the network card MAC by masking it. I'm about to buy a new switch. Do you recommend that I get a better one? In that case, which one would be good and allow me to do what I want?
