Re: IP address Information available with DHCP snooping?

From: Carlos G Mendioroz <tron_at_huapi.ba.ar>
Date: Wed, 13 Mar 2013 06:52:59 -0300

Wow, I would do that for that money :)
Dietrich, I guess you really want to do the binding alone (i.e. enable
DAI and maybe IP guard to say ok) but not change the interface into
trusted, which would allow any static bound machine to become a rogue
DHCP server, right?

Would all the ports be leaves? (i.e. just one MAC/IP allowed?)
I would just enable DAI and try to parse DAI exceptions, maybe dropping
the first ARP response and counting on the first correspondent
"insisting" on wanting to talk. Nice feature though, although it opens
the security to some extent.

-Carlos

Jay McMickle @ 13/03/2013 00:01 -0300 dixit:
> If you find out, let me know. We just spent $1MM on our first phase of ISE,
> which is similar to what you are doing, with more cowbell. ;)
>
> Regards,
> Jay McMickle- CCIE #35355 (RS)
> Sent from my iPhone 5
> Support me to fight MS!
> http://main.nationalmssociety.org/site/TR/Bike/TXHBikeEvents?px=5886043&pg=personal&fr_id=20226
>
>
> On Mar 12, 2013, at 5:25 PM, "Haywood, Dietrich" <dhaywood_at_qualcomm.com>
> wrote:
>
>> All,
>>
>> Had a question I wanted to bounce off the group. Let's say I have a switch
>> that is a DHCP server, but also has DHCP snooping enabled. All the ports are
>> untrusted. IP source guard and Dynamic ARP inspection is configured on all
>> interfaces as well. In addition to that, all ports are untrusted. When I have
>> hosts connected to the switch, they pull an IP address from my DHCP pool, and
>> everything is fine in the world.
>>
>> Now, to get to what I'm "trying" to accomplish. I want to know if it is
>> possible to do the following: A user with a static IP address connects to the
>> switch in question. The switch takes note of the IP address and the MAC
>> address configured on the static host, before denying the user on the network.
>> Then, using that information, configure an EEM script to take that information
>> and configure that interface with a STATIC BINDING and set the interface to
>> TRUSTED. Once the host is removed, the configuration would revert to its
>> previous configuration.
>>
>> Any chance of this? Or am I just wasting my time?
>>
>> Regards,
>> Dietrich
>>
>>
>> Blogs and organic groups at http://www.ccie.net
>>
>> _______________________________________________________________________
>> Subscription information may be found at:
>> http://www.groupstudy.com/list/CCIELab.html

-- 
Carlos G Mendioroz  <tron_at_huapi.ba.ar>  LW7 EQI  Argentina
Received on Wed Mar 13 2013 - 06:52:59 ART
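
The "parse DAI exceptions" idea from the reply above, as an added example that is not part of the original thread: it reads DAI deny messages, keeps only MAC/IP pairs that keep "insisting", and marks whether the port is a leaf (a single MAC/IP pair seen). Assumptions: the log lines are constructed and follow the IOS `%SW_DAI-4-DHCP_SNOOPING_DENY` layout, and `candidate_bindings` and the `min_hits` threshold are hypothetical names chosen here.

```python
import re
from collections import Counter, defaultdict

# Constructed sample lines (not from the thread). Assumed field layout:
# [sender MAC/sender IP/target MAC/target IP/timestamp]
SAMPLE_LOG = """\
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/5, vlan 10.([0011.2233.4455/192.0.2.50/0000.0000.0000/192.0.2.1/06:40:01 UTC Wed Mar 13 2013])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/5, vlan 10.([0011.2233.4455/192.0.2.50/0000.0000.0000/192.0.2.1/06:40:02 UTC Wed Mar 13 2013])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/7, vlan 10.([00aa.bbcc.dd01/192.0.2.60/0000.0000.0000/192.0.2.1/06:41:10 UTC Wed Mar 13 2013])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/7, vlan 10.([00aa.bbcc.dd01/192.0.2.60/0000.0000.0000/192.0.2.1/06:41:11 UTC Wed Mar 13 2013])
%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi1/0/7, vlan 10.([00aa.bbcc.dd02/192.0.2.61/0000.0000.0000/192.0.2.1/06:41:15 UTC Wed Mar 13 2013])
"""

DENY_RE = re.compile(
    r"%SW_DAI-4-DHCP_SNOOPING_DENY: \d+ Invalid ARPs \((?:Req|Res)\) "
    r"on (?P<intf>\S+), vlan (?P<vlan>\d+)\.\(\["
    r"(?P<smac>[0-9A-Fa-f.]+)/(?P<sip>[\d.]+)/"   # sender = the denied host
    r"[0-9A-Fa-f.]+/[\d.]+/"                      # target MAC/IP, not needed
)

def candidate_bindings(log_text, min_hits=2):
    """Return denied (port, vlan, MAC, IP) tuples seen at least min_hits times."""
    hits = Counter()
    for m in DENY_RE.finditer(log_text):
        hits[(m["intf"], int(m["vlan"]), m["smac"].lower(), m["sip"])] += 1

    # A port is a "leaf" only if every denied ARP on it came from one MAC/IP pair.
    pairs_per_port = defaultdict(set)
    for intf, _vlan, mac, ip in hits:
        pairs_per_port[intf].add((mac, ip))

    report = []
    for (intf, vlan, mac, ip), count in sorted(hits.items()):
        if count < min_hits:
            continue  # a single denied ARP is not yet an "insisting" host
        report.append({"interface": intf, "vlan": vlan, "mac": mac, "ip": ip,
                       "hits": count, "leaf": len(pairs_per_port[intf]) == 1})
    return report

if __name__ == "__main__":
    for row in candidate_bindings(SAMPLE_LOG):
        print(row)
```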

This archive was generated by hypermail 2.2.0 : Wed Apr 03 2013 - 19:06:19 ART