What's the best way to block IP spoofing on a layer 3 switch?
- by toupeira
We're hosting Dedicated Servers and are currently using old 3com switches with IP-based ACLs. So each port has an ACL that allows all IP addresses assigned to this customer, and blocks everything else.
But now 3com was bought by HP, and the follow-up model only supports basic ACL that aren't flexible enough to both allow certain IPs while blocking others. Looking at other switches in a similar price-range, we've found that most of them have similar problems or don't offer any ACL features at all.
I assume this could also somehow be done with VLANs, but if I understand this correctly we'd still need some kind of ACL to actually specify the valid IP addresses for each port.
What do you use to make sure your customers don't use unassigned IP addresses? Or what switches can you recommend that have flexible ACL functionality?