<html><head></head><body><div style="color:#000; background-color:#fff; font-family:HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif;font-size:13px"><div>Dear Shahjahan Bhai,</div><div><br></div><div dir="ltr" id="yui_3_16_0_1_1449379094983_9814">Thanks for writing here. You can't restrict your user to use the IP that is being used as your gateway IP, but you can implement a security policy that can protect your network if any of your user do such kind of occurrence. If you have manageable switch in your access layer (from where your users are connected to), then you can implement Access Control List (ACL) to prevent such kind of vulnerability.</div><div id="yui_3_16_0_1_1449379094983_11015" dir="ltr"><br></div><div id="yui_3_16_0_1_1449379094983_11402" dir="ltr">For an Example: Suppose your gateway IP is 192.168.1.1, then you can implement Standard ACL on the switchport (from where your users are connected to)</div><div id="yui_3_16_0_1_1449379094983_11403" dir="ltr"><br></div>Switch(config)#access-list 1 deny host 192.168.1.1<div class="" id="yui_3_16_0_1_1449379094983_11601" dir="ltr" style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">Switch(config)#access-list 1 permit any </div><div id="yui_3_16_0_1_1449379094983_11775" dir="ltr"><br></div>
<div class="" id="yui_3_16_0_1_1449379094983_11509" style=" margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;">Switch(config)#interface fastEthernet 0/1</div>Switch(config-if)#ip access-group 1 in<div id="yui_3_16_0_1_1449379094983_10931" dir="ltr"><br></div><div id="yui_3_16_0_1_1449379094983_11776" dir="ltr"><br></div><div id="yui_3_16_0_1_1449379094983_11777" dir="ltr"><br></div><div id="yui_3_16_0_1_1449379094983_9633" class="signature"><div id="yui_3_13_0_ym1_1_1385807350692_2495" class="yiv7621534068MsoNormal"><span id="yui_3_13_0_ym1_1_1385807350692_2494" style="font-size:9.0pt;">Thanks & Regards,</span></div> <div id="yui_3_13_0_ym1_1_1385807350692_2496" class="yiv7621534068MsoNormal"><span style="font-size:10.0pt;"> </span></div> <div id="yui_3_13_0_ym1_1_1385807350692_2497" class="yiv7621534068MsoNormal"><b id="yui_3_13_0_ym1_1_1385807350692_2506"><span id="yui_3_13_0_ym1_1_1385807350692_2505" style="font-size:9.0pt;color:#0D0D0D;">Md. Abdullah Al Naser</span></b><br></div><br></div><br><div id="yui_3_16_0_1_1449379094983_9638" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 13px;"> <div id="yui_3_16_0_1_1449379094983_9637" style="font-family: HelveticaNeue, Helvetica Neue, Helvetica, Arial, Lucida Grande, sans-serif; font-size: 16px;"> <div id="yui_3_16_0_1_1449379094983_9636" dir="ltr"> <hr id="yui_3_16_0_1_1449379094983_11778" size="1"> <font id="yui_3_16_0_1_1449379094983_9639" size="2" face="Arial"> <b><span style="font-weight:bold;">From:</span></b> "nog-request@bdnog.org" <nog-request@bdnog.org><br> <b><span style="font-weight: bold;">To:</span></b> nog@bdnog.org <br> <b><span style="font-weight: bold;">Sent:</span></b> Sunday, December 6, 2015 12:00 PM<br> <b><span style="font-weight: bold;">Subject:</span></b> nog Digest, Vol 27, Issue 1<br> </font> </div> <div id="yui_3_16_0_1_1449379094983_9641" class="y_msg_container"><br>Send nog mailing list submissions to<br> <a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a><br><br>To subscribe or unsubscribe via the World Wide Web, visit<br> <a href="http://mailman.bdnog.org/mailman/listinfo/nog" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br>or, via email, send a message with subject or body 'help' to<br> <a ymailto="mailto:nog-request@bdnog.org" href="mailto:nog-request@bdnog.org">nog-request@bdnog.org</a><br><br>You can reach the person managing the list at<br> <a ymailto="mailto:nog-owner@bdnog.org" href="mailto:nog-owner@bdnog.org">nog-owner@bdnog.org</a><br><br>When replying, please edit your Subject line so it is more specific<br>than "Re: Contents of nog digest..."<br><br><br>Today's Topics:<br><br> 1. DHCP Lease and Network Problem Help (Mohammad Shahjahan)<br> 2. Re: DHCP Lease and Network Problem Help (Aniruddha Barua)<br> 3. Re: DHCP Lease and Network Problem Help (Mohammad Shahjahan)<br><br><br>----------------------------------------------------------------------<br><br>Message: 1<br>Date: Sun, 6 Dec 2015 08:59:51 +0600<br>From: Mohammad Shahjahan <<a id="yui_3_16_0_1_1449379094983_12091" ymailto="mailto:bunty.ctg@hotmail.com" href="mailto:bunty.ctg@hotmail.com">bunty.ctg@hotmail.com</a>><br>To: "<a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a>" <<a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a>><br>Subject: [bdNOG] DHCP Lease and Network Problem Help<br>Message-ID: <<a ymailto="mailto:BLU181-W563599EA9D7B446E370412E50A0@phx.gbl" href="mailto:BLU181-W563599EA9D7B446E370412E50A0@phx.gbl">BLU181-W563599EA9D7B446E370412E50A0@phx.gbl</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Dear Brother,<br>I am facing terrible problem in my network. The problem scenario as below:<br><br>Network Description:<br><br>1. We are using 64 VLAN segment (/24 * 64 = 16128 ip address's) in 4 different location by internal OSPF routing.<br>2. Most important part is all of those ip address are provided from one DHCP server and ONE GATEWAY (VLAN GATEWAY)[Provided From Layer 3 CISCO SW].<br><br>PROBLEM DESCRIPTION:<br><br>1. Now the problem is if any user put a manual IP address same as gateway ip address, then a specific VLAN NETWORK create some network problem like(ping latency, ip conflict, vlan down).<br><br>QUESTION: <br><br>1. How can i stop using gateway ip address in client side (computer/laptop/smartphone)?<br><br>Please help me with some solution.<br><br>Thank you so much in advance.<br><br>--------------------------------------------------------<br>Engr. Mohammad Shahjahan<br>Member of Institute of Engineer Bangladesh<br>Membership Number: M/31195<br>Chittagong, Bangladesh<br>Contact Information: +8801752789798<br>--------------------------------------------------------<br> <br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://mailman.bdnog.org/pipermail/nog/attachments/20151206/7d9244c8/attachment-0001.html" target="_blank">http://mailman.bdnog.org/pipermail/nog/attachments/20151206/7d9244c8/attachment-0001.html</a>><br><br>------------------------------<br><br>Message: 2<br>Date: Sun, 06 Dec 2015 09:41:12 +0600<br>From: Aniruddha Barua <<a ymailto="mailto:aniruddha.barua@colbd.com" href="mailto:aniruddha.barua@colbd.com">aniruddha.barua@colbd.com</a>><br>To: Mohammad Shahjahan <<a ymailto="mailto:bunty.ctg@hotmail.com" href="mailto:bunty.ctg@hotmail.com">bunty.ctg@hotmail.com</a>><br>Cc: <a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a><br>Subject: Re: [bdNOG] DHCP Lease and Network Problem Help<br>Message-ID: <<a ymailto="mailto:80e32772-a8a9-48f4-b60a-6ff8a9ace917@typeapp.com" href="mailto:80e32772-a8a9-48f4-b60a-6ff8a9ace917@typeapp.com">80e32772-a8a9-48f4-b60a-6ff8a9ace917@typeapp.com</a>><br>Content-Type: text/plain; charset="utf-8"<br><br>Dear Mr. Shajahan,<br><br>You are talking about human error here. Only proper education and stern actions for intentional errors can fix this issue. Otherwise, you may go for static MAC tables everywhere but that defeats the very cause of Dynamic Networking (DHCP, OSPF etc).<br><br>Best regards,<br><br>ANIRUDDHA BARUA<br>Email: <a ymailto="mailto:aniruddha.barua@colbd.com" href="mailto:aniruddha.barua@colbd.com">aniruddha.barua@colbd.com</a><br><br><br><br>On 6 Dec 2015 9:00 AM, at 9:00 AM, Mohammad Shahjahan <<a ymailto="mailto:bunty.ctg@hotmail.com" href="mailto:bunty.ctg@hotmail.com">bunty.ctg@hotmail.com</a>> wrote:<br>>Dear Brother,<br>>I am facing terrible problem in my network. The problem scenario as<br>>below:<br>><br>>Network Description:<br>><br>>1. We are using 64 VLAN segment (/24 * 64 = 16128 ip address's) in 4<br>>different location by internal OSPF routing.<br>>2. Most important part is all of those ip address are provided from one<br>>DHCP server and ONE GATEWAY (VLAN GATEWAY)[Provided From Layer 3 CISCO<br>>SW].<br>><br>>PROBLEM DESCRIPTION:<br>><br>>1. Now the problem is if any user put a manual IP address same as<br>>gateway ip address, then a specific VLAN NETWORK create some network<br>>problem like(ping latency, ip conflict, vlan down).<br>><br>>QUESTION: <br>><br>>1. How can i stop using gateway ip address in client side<br>>(computer/laptop/smartphone)?<br>><br>>Please help me with some solution.<br>><br>>Thank you so much in advance.<br>><br>>--------------------------------------------------------<br>>Engr. Mohammad Shahjahan<br>>Member of Institute of Engineer Bangladesh<br>>Membership Number: M/31195<br>>Chittagong, Bangladesh<br>>Contact Information: +8801752789798<br>>--------------------------------------------------------<br>> <br>><br>>------------------------------------------------------------------------<br>><br>>_______________________________________________<br>>nog mailing list<br>><a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a><br>><a href="http://mailman.bdnog.org/mailman/listinfo/nog" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://mailman.bdnog.org/pipermail/nog/attachments/20151206/051be5a2/attachment-0001.html" target="_blank">http://mailman.bdnog.org/pipermail/nog/attachments/20151206/051be5a2/attachment-0001.html</a>><br><br>------------------------------<br><br>Message: 3<br>Date: Sun, 6 Dec 2015 11:14:13 +0600<br>From: Mohammad Shahjahan <<a ymailto="mailto:bunty.ctg@hotmail.com" href="mailto:bunty.ctg@hotmail.com">bunty.ctg@hotmail.com</a>><br>To: Aniruddha Barua <<a ymailto="mailto:aniruddha.barua@colbd.com" href="mailto:aniruddha.barua@colbd.com">aniruddha.barua@colbd.com</a>><br>Cc: "<a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a>" <<a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a>><br>Subject: Re: [bdNOG] DHCP Lease and Network Problem Help<br>Message-ID: <<a ymailto="mailto:BLU181-W55EA130192070DC437F279E50A0@phx.gbl" href="mailto:BLU181-W55EA130192070DC437F279E50A0@phx.gbl">BLU181-W55EA130192070DC437F279E50A0@phx.gbl</a>><br>Content-Type: text/plain; charset="iso-8859-1"<br><br>Dear Sir,<br>Thank you for replay.<br><br>Is there any process or policy in cisco layer 3 switch where i can secure my gateway ip address? Actually we block a lot's of android devices in our dhcp server like as:<br><br>DENY<br>host and-0001{hardware ethernet a8:44:81:9f:88:e8;deny booting;}<br>ALLOW<br>host and-allow001{hardware ethernet bc:72:b1:e2:e5:d5;allow booting;}<br><br>When user get obtaining ip address's, then they are going to use static IP address in there android mobile. You have already know about our ip address number's. so it is too hard to maintain fixed MAC address service's in that number's of host's and there are ip conflict issue too.<br><br>ANY SOLUTION<br><br>Thank you so much.<br>--------------------------------------------------------<br>Engr. Mohammad Shahjahan<br>Member of Institute of Engineer Bangladesh<br>Membership Number: M/31195<br>Chittagong, Bangladesh<br>Contact Information: +8801752789798<br>--------------------------------------------------------<br><br><br>Subject: Re: [bdNOG] DHCP Lease and Network Problem Help<br>From: <a ymailto="mailto:aniruddha.barua@colbd.com" href="mailto:aniruddha.barua@colbd.com">aniruddha.barua@colbd.com</a><br>Date: Sun, 6 Dec 2015 09:41:12 +0600<br>To: <a ymailto="mailto:bunty.ctg@hotmail.com" href="mailto:bunty.ctg@hotmail.com">bunty.ctg@hotmail.com</a><br>CC: <a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a><br><br><br><br>Dear Mr. Shajahan,<br>You are talking about human error here. Only proper education and stern actions for intentional errors can fix this issue. Otherwise, you may go for static MAC tables everywhere but that defeats the very cause of Dynamic Networking (DHCP, OSPF etc).<br>Best regards,<br>ANIRUDDHA BARUA<br><br>Email: <a ymailto="mailto:aniruddha.barua@colbd.com" href="mailto:aniruddha.barua@colbd.com">aniruddha.barua@colbd.com</a><br><br><br>On 6 Dec 2015, at 9:00 AM, Mohammad Shahjahan <<a ymailto="mailto:bunty.ctg@hotmail.com" href="mailto:bunty.ctg@hotmail.com">bunty.ctg@hotmail.com</a>> wrote:<br><br>Dear Brother,<br>I am facing terrible problem in my network. The problem scenario as below:<br><br>Network Description:<br><br>1. We are using 64 VLAN segment (/24 * 64 = 16128 ip address's) in 4 different location by internal OSPF routing.<br>2. Most important part is all of those ip address are provided from one DHCP server and ONE GATEWAY (VLAN GATEWAY)[Provided From Layer 3 CISCO SW].<br><br>PROBLEM DESCRIPTION:<br><br>1. Now the problem is if any user put a manual IP address same as gateway ip address, then a specific VLAN NETWORK create some network problem like(ping latency, ip conflict, vlan down).<br><br>QUESTION: <br><br>1. How can i stop using g!<br> ateway<br>ip address in client side (computer/laptop/smartphone)?<br><br>Please help me with some solution.<br><br>Thank you so much in advance.<br><br>--------------------------------------------------------<br>Engr. Mohammad Shahjahan<br>Member of Institute of Engineer Bangladesh<br>Membership Number: M/31195<br>Chittagong, Bangladesh<br>Contact Information: +8801752789798<br>--------------------------------------------------------<br> <br><br>nog mailing list<br><a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a><br><a href="http://mailman.bdnog.org/mailman/listinfo/nog" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br> <br>-------------- next part --------------<br>An HTML attachment was scrubbed...<br>URL: <<a href="http://mailman.bdnog.org/pipermail/nog/attachments/20151206/7199acd3/attachment-0001.html" target="_blank">http://mailman.bdnog.org/pipermail/nog/attachments/20151206/7199acd3/attachment-0001.html</a>><br><br>------------------------------<br><br>_______________________________________________<br>nog mailing list<br><a ymailto="mailto:nog@bdnog.org" href="mailto:nog@bdnog.org">nog@bdnog.org</a><br><a href="http://mailman.bdnog.org/mailman/listinfo/nog" target="_blank">http://mailman.bdnog.org/mailman/listinfo/nog</a><br><br><br>End of nog Digest, Vol 27, Issue 1<br>**********************************<br><br><br></div> </div> </div></div></body></html>