Security

Reply
Highlighted
Occasional Contributor II

Blocking access to devices with static ips (no dhcp)

Hi everyone. First of all, thanks just for reading.

I have a CPPM, Cisco 2960 and HPE 5500 switches  (comware).

I'm using dot1x and dynamic vlan assignation vía Radius and works flawless.

Now, I need to block the access to devices that have a static ip address (ip no obteined vía microsoft dhcp server in my network).

Anyone have a idea of how to do that?

 

Thanks in advance!

Nicolás Cáceres
Occasional Contributor II

Re: Blocking access to devices with static ips (no dhcp)

Authorization:[Endpoint Repository] StaticIp equals True

Occasional Contributor II

Re: Blocking access to devices with static ips (no dhcp)

Hi tritterbush, thanks for the answer.

 

I have tried that.

When I connect a notebook to the dot1x port, the notebook use DHCP client to ip address from our DHCP server, but in the Access Tracker says "Static UP = true".

 

Thanks.

Nicolás Cáceres
Super Contributor II

Re: Blocking access to devices with static ips (no dhcp)

Hi Nicolas,

Have you configured DHCP profiling? You could also enable the ARP protect feature. However this is not a ClearPass feature but a switch feature. The switch will drop the traffic if there is not a entry in the DHCP snooping table

Willem Bargeman ACMX#935 | ACCX #822

Please give me kudos if my post was useful!
If your issue is solved mark the post as solution!
Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: