Switching


How to prevent users from changing the IP of the server connected to EX4200?

  • 1.  How to prevent users from changing the IP of the server connected to EX4200?

    Posted 3 days ago
    I want to know how I can assign 1 IP (or multiple IPs) to a specific MAC address on my Juniper switch.

    So that if a user changes the IP from within the range, then the switch would refuse it.

    Example: 1.1.1.1 is the allotted IP; currently, if the client changes it to 1.1.1.2, then it would be accepted and work. I do not want to allow it. Any idea how to?

    I tried IP source guard, but whenever I activate that my whole switch goes down. I do not want to create subnets; I want to give 1 IP to 1 dedicated server while using 1 single gateway.

    Any help would be appreciated, thank you.



    PS: My network (internet wire) is connected to port 47, which is within my VLAN.

    ------------------------------
    HARSH JAIN
    ------------------------------


  • 2.  RE: How to prevent users from changing the IP of the server connected to EX4200?

     
    Posted 18 hours ago
    On the Ethernet port facing the device you could apply this filter to the interface input.

    firewall {
        family ethernet-switching {
            filter name {
                term allow {
                    from {
                        source-mac-address {
                            88:05:00:29:3c:de/48;
                        }
                        source-address {
                            1.1.1.1/32;
                        }
                    }
                    then accept;
                }
                term block {
                    then discard;
                }
            }
        }
    }

    What I'm not sure about is whether the term will evaluate as an AND condition or if it will be an OR condition letting all the MAC address associations through.

    But in your case maybe the IP address alone will accomplish what you want.

    ------------------------------
    Steve Puluka BSEET - Juniper Ambassador
    IP Architect - DQE Communications Pittsburgh, PA (Metro Ethernet & ISP)
    http://puluka.com/home
    ------------------------------
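
Added example, not part of the posts above and not Juniper code: a small Python model of how the filter in reply 2 is evaluated, following the Junos rule that different match conditions inside one "from" must all match (AND), several values of one condition are alternatives (OR), and terms are tried in order. The frames are constructed samples; FILTER, FRAMES, MATCHERS and evaluate are names made up for this sketch.

```python
import ipaddress

# Filter from reply 2, expressed as data. Modelled semantics (assumption of this
# sketch): condition types in one "from" are ANDed, values of one type are ORed.
FILTER = [
    {"name": "allow",
     "from": {"source-mac-address": ["88:05:00:29:3c:de/48"],
              "source-address": ["1.1.1.1/32"]},
     "then": "accept"},
    {"name": "block", "from": {}, "then": "discard"},  # empty "from" matches all
]

def mac_match(mac, spec):
    """Compare the leading <bits> bits of a MAC against 'aa:bb:..:ff/bits'."""
    want, _, bits = spec.partition("/")
    bits = int(bits or 48)
    to_int = lambda m: int(m.replace(":", ""), 16)
    return to_int(mac) >> (48 - bits) == to_int(want) >> (48 - bits)

def ip_match(ip, spec):
    """A frame without an IPv4 source (ip is None) can never match."""
    return ip is not None and ipaddress.ip_address(ip) in ipaddress.ip_network(spec)

# condition name -> (frame field it inspects, comparison function)
MATCHERS = {"source-mac-address": ("src_mac", mac_match),
            "source-address": ("src_ip", ip_match)}

def evaluate(frame, terms=FILTER):
    """Return (term name, action) of the first term whose conditions all match."""
    for term in terms:
        if all(any(MATCHERS[cond][1](frame.get(MATCHERS[cond][0]), v) for v in values)
               for cond, values in term["from"].items()):
            return term["name"], term["then"]
    return "implicit", "discard"  # nothing matched

# Constructed sample frames arriving on the server-facing port.
FRAMES = [
    {"src_mac": "88:05:00:29:3c:de", "src_ip": "1.1.1.1"},  # allotted MAC/IP pair
    {"src_mac": "88:05:00:29:3c:de", "src_ip": "1.1.1.2"},  # user changed the IP
    {"src_mac": "00:11:22:33:44:55", "src_ip": "1.1.1.1"},  # different NIC, same IP
    {"src_mac": "88:05:00:29:3c:de", "src_ip": None},       # non-IPv4 frame, e.g. ARP
]

if __name__ == "__main__":
    for f in FRAMES:
        print(f, "->", evaluate(f))
```

Only the first frame reaches "accept"; in this model the non-IPv4 frame also falls through to "block" because it cannot satisfy source-address, so check on the switch whether ARP from the server needs its own accept term before the discard.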