IMPB configuration question

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2020-07-14 16:11:38 - last edited 2020-07-14 20:55:56
Hardware Version: V4
Firmware Version: 4.0.0 Build 20180716 Rel.50041(s)

Good evening.

We have just installed two T1600G-52TS switches. Everything is working very well, but I have a question.

I have some publicly routable IPv4 addresses on that switch, and one of the connected servers is considered untrusted. The server shall run several virtual machines with publicly routable IPv4 addresses, but we want to prevent a VM on this server from using an IPv4 address not assigned to this machine. We want to limit a specific port on the switch to only use specific IPv4 addresses, regardless of the MAC, because the MAC address will be randomized for new VMs (the NIC on the server is in promiscuous mode, so we cannot use the actual MAC of the NIC for filtering).

I have tried the "Security" feature IPv4 IMPB > IPv4 source guard. When I activate the desired port for SIP, it instantly becomes entirely unreachable. If I use the IMPB feature, it asks me to provide the MAC address, which I don't want to filter. I cannot activate IMPB without the MAC and a VLAN ID (which is also not set, because it would require the "untrusted" machine to cooperate).

Any ideas how to achieve this? Random MAC, specific port, only allow several IPv4 addresses as source IP? Port isolation won't be applicable, as the untrusted machine and its VMs have to connect to the other nodes on the switch.

Thank you very much,

der Kraus

Re:IMPB configuration question
2020-07-15 06:29:23

@der-Kraus

Hi,

IPv4 IMPB (IP-MAC-Port Binding) is used to bind the IP address, MAC address, VLAN ID and the connected port number of the specified host.

> Any ideas how to achieve this? Random MAC, specific port, only allow several IPv4 addresses as source IP? Port isolation won't be applicable, as the untrusted machine and its VMs have to connect to the other nodes on the switch.

For your demand, I'm afraid that it can be achieved with the switch if it's not based on the MAC address.

Re:IMPB configuration question
2020-07-15 08:03:49
@Fae, thank you for your reply. No worries, in that case we'll find another solution to handle this. Thank you for clarifying. Kind regards, der Kraus
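A simplified model of the IP-MAC-Port binding check described in the reply above, added here as an illustration; it is not TP-Link's code and not part of the original posts. It assumes a guarded port drops every frame that has no matching binding entry, and the port name, addresses and MACs are constructed sample values.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass(frozen=True)
class Binding:  # one IMPB entry: host IP, MAC, VLAN ID and switch port
    ip: IPv4Address
    mac: str
    vlan: int
    port: str

@dataclass(frozen=True)
class Frame:  # the fields of an ingress frame that the check inspects
    port: str
    src_ip: IPv4Address
    src_mac: str
    vlan: int

def check(frame, bindings, guarded_ports):
    """Return (forwarded, reason) for one ingress frame (assumed semantics)."""
    if frame.port not in guarded_ports:
        return True, "port not guarded"
    on_port = [b for b in bindings if b.port == frame.port]
    if not on_port:
        return False, "no binding on guarded port"
    for_ip = [b for b in on_port if b.ip == frame.src_ip]
    if not for_ip:
        return False, "source IP not bound to port"
    for_mac = [b for b in for_ip if b.mac == frame.src_mac.lower()]
    if not for_mac:
        return False, "source MAC differs from binding"
    if all(b.vlan != frame.vlan for b in for_mac):
        return False, "VLAN differs from binding"
    return True, "matches binding"

PORT = "1/0/10"  # constructed port name; addresses and MACs below are constructed too
IP = IPv4Address("203.0.113.10")
BOUND = [Binding(IP, "02:00:00:00:00:0a", 1, PORT)]

def demo():
    known = Frame(PORT, IP, "02:00:00:00:00:0a", 1)
    new_mac = Frame(PORT, IP, "02:5e:91:3c:77:01", 1)  # new VM, randomized MAC
    other_ip = Frame(PORT, IPv4Address("203.0.113.99"), "02:00:00:00:00:0a", 1)
    return {"empty table": check(known, [], {PORT}),
            "known VM": check(known, BOUND, {PORT}),
            "randomized MAC": check(new_mac, BOUND, {PORT}),
            "unassigned IP": check(other_ip, BOUND, {PORT})}

if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:15} {'forward' if ok else 'drop':8} {why}")
```

In this model the "empty table" case corresponds to enabling source guard on a port before any entry exists, and the "randomized MAC" case shows why a binding that includes the MAC does not fit VMs whose MAC changes.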