[bdNOG] nog Digest, Vol 27, Issue 1

Md. abdullah Al naser mail.naserbd at yahoo.com
Sun Dec 6 12:20:56 BDT 2015


Dear Shahjahan Bhai,
Thanks for writing here. You can't restrict your users from using the IP that is being used as your gateway IP, but you can implement a security policy that can protect your network if any of your users does such a thing. If you have a manageable switch in your access layer (where your users are connected), then you can implement an Access Control List (ACL) to prevent this kind of vulnerability.
For example: Suppose your gateway IP is 192.168.1.1, then you can implement a standard ACL on the switchport (where your users are connected):
Switch(config)#access-list 1 deny host 192.168.1.1
Switch(config)#access-list 1 permit any
Switch(config)#interface fastEthernet 0/1
Switch(config-if)#ip access-group 1 in


Thanks & Regards,    Md. Abdullah Al Naser
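
An added example, not part of the original message or the list's own configuration: an IP ACL filters IP packets, while the ARP frames that announce a duplicate gateway address are handled by DHCP snooping with Dynamic ARP Inspection, and IP Source Guard then ties each user port to its leased address. VLAN 10, the interface names and the Catalyst-style syntax are assumptions; exact commands vary by platform and IOS release.

```cisco
! Added example. Assumptions: Catalyst-style access switch, user VLAN 10,
! uplink Gi0/1 toward the Layer 3 switch and DHCP server, user port Fa0/1.
!
! 1. Learn IP / MAC / port bindings from the DHCP exchanges.
ip dhcp snooping
ip dhcp snooping vlan 10
! Option 82 insertion is on by default; turn it off unless the relay and
! the DHCP server are set up to accept it.
no ip dhcp snooping information option
!
! 2. Dynamic ARP Inspection: drop ARP packets from untrusted ports whose
!    sender IP/MAC pair has no snooping binding. A host that statically
!    configures the gateway address holds no lease for it, so its ARP
!    claims for that address are discarded at the access port.
ip arp inspection vlan 10
ip arp inspection validate src-mac ip
!
! Uplink: DHCP server replies and the real gateway's ARP arrive here,
! so this port is trusted for both features.
interface GigabitEthernet0/1
 ip dhcp snooping trust
 ip arp inspection trust
!
! User port: untrusted by default for snooping and ARP inspection.
! 3. IP Source Guard ("ip verify source") permits only the source IP
!    recorded in the binding table for this port.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip dhcp snooping limit rate 15
 ip verify source
!
! Verification (exec mode):
!   show ip dhcp snooping binding
!   show ip arp inspection statistics vlan 10
!   show ip verify source
```

Enable step 1 first and let clients renew so the binding table fills before turning on steps 2 and 3. Devices with legitimate static addresses need a static binding or an ARP ACL beforehand, otherwise they lose connectivity.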


     From: "nog-request at bdnog.org" <nog-request at bdnog.org>
 To: nog at bdnog.org 
 Sent: Sunday, December 6, 2015 12:00 PM
 Subject: nog Digest, Vol 27, Issue 1
   

Today's Topics:

  1. DHCP Lease and Network Problem Help (Mohammad Shahjahan)
  2. Re: DHCP Lease and Network Problem Help (Aniruddha Barua)
  3. Re: DHCP Lease and Network Problem Help (Mohammad Shahjahan)


----------------------------------------------------------------------

Message: 1
Date: Sun, 6 Dec 2015 08:59:51 +0600
From: Mohammad Shahjahan <bunty.ctg at hotmail.com>
To: "nog at bdnog.org" <nog at bdnog.org>
Subject: [bdNOG] DHCP Lease and Network Problem Help
Message-ID: <BLU181-W563599EA9D7B446E370412E50A0 at phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"

Dear Brother,
I am facing a terrible problem in my network. The problem scenario is as below:

Network Description:

1. We are using 64 VLAN segments (/24 * 64 = 16128 IP addresses) in 4 different locations by internal OSPF routing.
2. The most important part is that all of those IP addresses are provided from one DHCP server and ONE GATEWAY (VLAN GATEWAY) [Provided From Layer 3 CISCO SW].

PROBLEM DESCRIPTION:

1. Now the problem is that if any user puts in a manual IP address that is the same as the gateway IP address, then a specific VLAN NETWORK gets some network problems like (ping latency, IP conflict, VLAN down).

QUESTION:

1. How can I stop the gateway IP address being used on the client side (computer/laptop/smartphone)?

Please help me with some solution.

Thank you so much in advance.

--------------------------------------------------------
Engr. Mohammad Shahjahan
Member of Institute of Engineer Bangladesh
Membership Number: M/31195
Chittagong, Bangladesh
Contact Information: +8801752789798
--------------------------------------------------------
                         

------------------------------

Message: 2
Date: Sun, 06 Dec 2015 09:41:12 +0600
From: Aniruddha Barua <aniruddha.barua at colbd.com>
To: Mohammad Shahjahan <bunty.ctg at hotmail.com>
Cc: nog at bdnog.org
Subject: Re: [bdNOG] DHCP Lease and Network Problem Help
Message-ID: <80e32772-a8a9-48f4-b60a-6ff8a9ace917 at typeapp.com>
Content-Type: text/plain; charset="utf-8"

Dear Mr. Shahjahan,

You are talking about human error here. Only proper education and stern actions for intentional errors can fix this issue. Otherwise, you may go for static MAC tables everywhere but that defeats the very cause of Dynamic Networking (DHCP, OSPF etc).

Best regards,

ANIRUDDHA BARUA
Email: aniruddha.barua at colbd.com



On 6 Dec 2015 9:00 AM, at 9:00 AM, Mohammad Shahjahan <bunty.ctg at hotmail.com> wrote:
>Dear Brother,
>I am facing terrible problem in my network. The problem scenario as
>below:
>
>Network Description:
>
>1. We are using 64 VLAN segment (/24 * 64 = 16128 ip address's) in 4
>different location by internal OSPF routing.
>2. Most important part is all of those ip address are provided from one
>DHCP server and ONE GATEWAY (VLAN GATEWAY)[Provided From Layer 3 CISCO
>SW].
>
>PROBLEM DESCRIPTION:
>
>1. Now the problem is if any user put a manual IP address same as
>gateway ip address, then a specific VLAN NETWORK create some network
>problem like(ping latency, ip conflict, vlan down).
>
>QUESTION: 
>
>1. How can i stop using gateway ip address in client side
>(computer/laptop/smartphone)?
>
>Please help me with some solution.
>
>Thank you so much in advance.
>
>--------------------------------------------------------
>Engr. Mohammad Shahjahan
>Member of Institute of Engineer Bangladesh
>Membership Number: M/31195
>Chittagong, Bangladesh
>Contact Information: +8801752789798
>--------------------------------------------------------
>                         
>
>------------------------------------------------------------------------
>
>_______________________________________________
>nog mailing list
>nog at bdnog.org
>http://mailman.bdnog.org/mailman/listinfo/nog

------------------------------

Message: 3
Date: Sun, 6 Dec 2015 11:14:13 +0600
From: Mohammad Shahjahan <bunty.ctg at hotmail.com>
To: Aniruddha Barua <aniruddha.barua at colbd.com>
Cc: "nog at bdnog.org" <nog at bdnog.org>
Subject: Re: [bdNOG] DHCP Lease and Network Problem Help
Message-ID: <BLU181-W55EA130192070DC437F279E50A0 at phx.gbl>
Content-Type: text/plain; charset="iso-8859-1"

Dear Sir,
Thank you for the reply.

Is there any process or policy in a Cisco Layer 3 switch where I can secure my gateway IP address? Actually we block a lot of Android devices in our DHCP server, like this:

DENY
host and-0001{hardware ethernet a8:44:81:9f:88:e8;deny booting;}
ALLOW
host and-allow001{hardware ethernet bc:72:b1:e2:e5:d5;allow booting;}

When users are obtaining IP addresses, then they are going to use a static IP address on their Android mobile. You already know about our number of IP addresses, so it is too hard to maintain a fixed MAC address service for that number of hosts, and there are IP conflict issues too.

ANY SOLUTION

Thank you so much.
--------------------------------------------------------
Engr. Mohammad Shahjahan
Member of Institute of Engineer Bangladesh
Membership Number: M/31195
Chittagong, Bangladesh
Contact Information: +8801752789798
--------------------------------------------------------



------------------------------



End of nog Digest, Vol 27, Issue 1
**********************************


 