What's the best way to block IP spoofing on a layer 3 switch?
Posted by toupeira on Server Fault
Published on 2011-01-13T15:58:29Z
We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else.
But now 3com was bought by HP, and the follow-up model only supports basic ACLs that aren't flexible enough to both allow certain IPs while blocking others. Looking at other switches in a similar price range, we've found that most of them have similar problems or don't offer any ACL features at all.
I assume this could also somehow be done with VLANs, but if I understand this correctly we'd still need some kind of ACL to actually specify the valid IP addresses for each port.
What do you use to make sure your customers don't use unassigned IP addresses? Or what switches can you recommend that have flexible ACL functionality?
© Server Fault or respective owner
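The per-port filter described in the question (permit the addresses assigned to the customer on that port, deny everything else), modeled in Python as an added example that is not part of the original post. The port names, prefixes and observed sources are constructed, and the function names are hypothetical; the model can be used to audit observed source addresses against the assignment table regardless of which switch enforces the rule.

```python
import ipaddress
from itertools import combinations

# Constructed assignment table: switch port -> prefixes assigned to that customer.
ASSIGNMENTS = {
    "port1": ["192.0.2.16/29", "198.51.100.7/32"],
    "port2": ["192.0.2.24/29"],
}

def build_port_acls(assignments):
    """Compile each port's prefixes into a minimal list of permitted networks."""
    acls = {}
    for port, prefixes in assignments.items():
        # strict=True rejects prefixes with host bits set (a common typo).
        nets = [ipaddress.ip_network(p, strict=True) for p in prefixes]
        acls[port] = list(ipaddress.collapse_addresses(nets))
    return acls

def find_overlaps(acls):
    """Return (port_a, port_b, net_a, net_b) for space permitted on two ports."""
    hits = []
    for (pa, na), (pb, nb) in combinations(acls.items(), 2):
        hits += [(pa, pb, a, b) for a in na for b in nb if a.overlaps(b)]
    return hits

def permitted(acls, port, src_ip):
    """Source check for one packet: implicit deny, also for ports with no ACL."""
    src = ipaddress.ip_address(src_ip)
    return any(src in net for net in acls.get(port, []))

def audit(acls, observed):
    """Return the (port, source) pairs that the per-port filter would drop."""
    return [(port, ip) for port, ip in observed if not permitted(acls, port, ip)]

# Constructed observations, e.g. exported from flow records or ARP tables.
OBSERVED = [
    ("port1", "192.0.2.17"),    # inside port1's /29
    ("port1", "192.0.2.25"),    # belongs to the customer on port2
    ("port2", "192.0.2.25"),    # same address on its own port
    ("port1", "198.51.100.8"),  # one past the assigned /32
    ("port9", "192.0.2.17"),    # port without any assignment
]

if __name__ == "__main__":
    acls = build_port_acls(ASSIGNMENTS)
    for port, ip in audit(acls, OBSERVED):
        print(f"DENY {port} src={ip}")
    for pa, pb, a, b in find_overlaps(acls):
        print(f"OVERLAP {pa}:{a} {pb}:{b}")
```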