HPE Community
Switches, Hubs, and Modems
1753275 Members
4845 Online
108792 Solutions
New Discussion юеВ

IP-Range on a Switch

 
Daniel Hermann
New Member

тАО06-30-2003 02:31 AM

тАО06-30-2003 02:31 AM

IP-Range on a Switch

Is it possible for me to set up an IP-Range on a managable Switch?
because i want the plugged users to use no other IP then thoe in this IP-Range.

if not how can i find a user in a 400 computers network who has an other IP (i want to know on witch port on the Swqitch he is plugged in)

I hope my english is good enough to understand my Question.
Thank you for your help
0 Kudos
11 REPLIES 11
Jerome Henry
Honored Contributor

тАО06-30-2003 11:22 AM

тАО06-30-2003 11:22 AM

Re: IP-Range on a Switch

Yo can't compel users to use a specific range on a switch. It has no power on PCs.

But you can, for example, et up VLAN, which will mean that each port will be assigned to a ALN for which you will decide of mask. A PC with another IP won't be in the network.

The depending on how manageable is your switch, you can use access lists to forbid those 'outside network' computers to have any access.

I do not know which is your switch, but read some configuration examples at :

http://www.hp.com/rnd/support/config_examples/93xx_6308.htm

hth

J
You can lean only on what resists you...
0 Kudos
Ron Kinner
Honored Contributor

тАО06-30-2003 11:34 AM

тАО06-30-2003 11:34 AM

Re: IP-Range on a Switch

Which switch do you have? Unless it's layer three capable it probably has no idea of IP addresses.

Unless you are dealing with a hacker the easiest way to fix the problem is to have your router guy put a filter on which only allows your chosen range of ip addresses to get through. Eventually you will get a trouble report from the culprit saying he can't get to the internet.

Usually it would be a two step process to discover your culprit unless your switch is a layer three switch. What you do is ask your router for its arp table. Search through the arp table until you find an unauthorized IP address and then note its MAC. Then go to the switch and search through its forwarding table until you find the MAC address. That will give you the port address.

Alternatively you can use a tool like getif (windows based http://www.wtcs.org/snmp4tpc/getif.htm) to scan the network. It just sends out a ping to every address in a range of addresses and reports back on which ones answer. Snort (an intrusion detector http://www.snort.org/) could also be used to look for any addresses which were not in the correct range but you would have to have your switch set correctly for it to work.

HP's Toptools which comes with HP switches apparently has some way of connecting IP addresses to MACs. Never used it so can't say for sure.

Ron
Daniel_107
New Member

тАО06-30-2003 12:04 PM

тАО06-30-2003 12:04 PM

Re: IP-Range on a Switch


1st thank you for the fast help.
i will use Hewlett Packard ProCurve 2524M
and as a backbone Hewlett Packard ProCurve 4108GL
i think or better i hope with this components my vision will work ;)

do i understand right?
i can't block ranges of IP's?
because i want the Users to stay in a special Range so i could find them faster.

What is with HP OpenView will this works or is getif better?
0 Kudos
Jerome Henry
Honored Contributor

тАО06-30-2003 12:33 PM

тАО06-30-2003 12:33 PM

Re: IP-Range on a Switch

Hi,

You can't MAKE people stay in a range, but you can prevent people 'out of the range you want' to access the network, thru Access list.
On 2524, it is perfectly possible. Read
ftp://ftp.hp.com/pub/networking/software/59692354.pdf
(beware, heavy file, get list from
http://www.hp.com/rnd/support/manuals/23xx_25xx.htm
Openview an getif are not of the same kind ! Getif is used to scan the network and get a reply, letting you know which IP are on the network, Openview is a full featured management software, far more powerfull (and expensive !).

With these access lists, you will undoubtedly force people to stay in the range you wish, as they will have no network if they are out of it !

Thanks to assign points if all this is useful to you, that's how Ron and I are fed !

:]

J
You can lean only on what resists you...
0 Kudos
Daniel Hermann
New Member

тАО06-30-2003 10:40 PM

тАО06-30-2003 10:40 PM

Re: IP-Range on a Switch

I hope i will be able to set up VLAN :)
thanks for help. I ask a second time if i have probs with the configuration.
0 Kudos
Jerome Henry
Honored Contributor

тАО06-30-2003 10:49 PM

тАО06-30-2003 10:49 PM

Re: IP-Range on a Switch

Ok,

You'll see it's not very hard !

Ask if required !

Good luck

J
You can lean only on what resists you...
0 Kudos
Ron Kinner
Honored Contributor

тАО07-01-2003 11:36 AM

тАО07-01-2003 11:36 AM

Re: IP-Range on a Switch

HP OpenView will automatically discovery all active hosts on a network. Its major drawback is its cost. It's a major purchase whereas getif is free but has to be run manually.

Ron
0 Kudos
Daniel Hermann
New Member

тАО07-02-2003 02:05 AM

тАО07-02-2003 02:05 AM

Re: IP-Range on a Switch

ok so i have to test getif. :)
could i ask you if i have problems setting up getif?
I think i will find manuals in the net but if i wouldn't success i will ask.

Thx
Daniel
0 Kudos
Jerome Henry
Honored Contributor

тАО07-02-2003 03:51 AM

тАО07-02-2003 03:51 AM

Re: IP-Range on a Switch

Welcome to ask !
You'll see it's not hard to handle.

J
You can lean only on what resists you...
0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.