What's the best way to block IP spoofing on a layer 3 switch?

Posted by toupeira on Server Fault
Published on 2011-01-13T15:58:29Z

We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else.

But now 3com was bought by HP, and the follow-up model only supports basic ACLs that aren't flexible enough to both allow certain IPs while blocking others. Looking at other switches in a similar price range, we've found that most of them have similar problems or don't offer any ACL features at all.

I assume this could also somehow be done with VLANs, but if I understand this correctly we'd still need some kind of ACL to actually specify the valid IP addresses for each port.

What do you use to make sure your customers don't use unassigned IP addresses? Or what switches can you recommend that have flexible ACL functionality?

© Server Fault or respective owner
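
The per-port policy described in the question (permit the addresses assigned to the customer on that port, deny everything else) can be modelled in software to audit observed traffic. This is an added example, not part of the original post: the port names, prefixes and observations are constructed, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample assignments: switch port -> prefixes assigned to that customer.
PORT_ACL = {
    "ge1/0/1": ["192.0.2.10/32", "192.0.2.16/29"],
    "ge1/0/2": ["198.51.100.0/28", "2001:db8:2::/64"],
}

def compile_acl(port_acl):
    """Parse prefixes once; strict=True rejects entries with host bits set."""
    return {port: [ipaddress.ip_network(p, strict=True) for p in prefixes]
            for port, prefixes in port_acl.items()}

def classify(acl, port, src):
    """Return 'permit', 'deny-foreign' (address belongs to another port),
    or 'deny-unassigned' (address assigned to nobody)."""
    try:
        addr = ipaddress.ip_address(src)
    except ValueError:
        return "deny-unassigned"  # an unparseable source is never permitted
    # Per-port permit list with an implicit deny at the end;
    # a port with no entry at all therefore permits nothing.
    if any(addr in net for net in acl.get(port, [])):
        return "permit"
    for other, nets in acl.items():
        if other != port and any(addr in net for net in nets):
            return "deny-foreign"
    return "deny-unassigned"

def audit(acl, observations):
    """Return only the observations that a per-port source ACL would drop."""
    out = []
    for port, src in observations:
        verdict = classify(acl, port, src)
        if verdict != "permit":
            out.append((port, src, verdict))
    return out

# Constructed observations: (ingress port, source IP seen on that port).
SAMPLE = [
    ("ge1/0/1", "192.0.2.10"),     # assigned /32
    ("ge1/0/1", "192.0.2.20"),     # inside the assigned /29
    ("ge1/0/1", "198.51.100.5"),   # belongs to the customer on ge1/0/2
    ("ge1/0/2", "2001:db8:2::1"),  # assigned IPv6 prefix
    ("ge1/0/2", "203.0.113.7"),    # assigned to nobody
    ("ge1/0/9", "192.0.2.10"),     # port without any ACL entry
]

if __name__ == "__main__":
    for row in audit(compile_acl(PORT_ACL), SAMPLE):
        print(*row)
```

The observation list could be fed from flow records or ARP/neighbor tables exported by the switch, which also works as a detection fallback when the hardware cannot enforce the ACL itself.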