Yo can't compel users to use a specific range on a switch. It has no power on PCs.
But you can, for example, et up VLAN, which will mean that each port will be assigned to a ALN for which you will decide of mask. A PC with another IP won't be in the network.
The depending on how manageable is your switch, you can use access lists to forbid those 'outside network' computers to have any access.
I do not know which is your switch, but read some configuration examples at :
Which switch do you have? Unless it's layer three capable it probably has no idea of IP addresses.
Unless you are dealing with a hacker the easiest way to fix the problem is to have your router guy put a filter on which only allows your chosen range of ip addresses to get through. Eventually you will get a trouble report from the culprit saying he can't get to the internet.
Usually it would be a two step process to discover your culprit unless your switch is a layer three switch. What you do is ask your router for its arp table. Search through the arp table until you find an unauthorized IP address and then note its MAC. Then go to the switch and search through its forwarding table until you find the MAC address. That will give you the port address.
Alternatively you can use a tool like getif (windows based http://www.wtcs.org/snmp4tpc/getif.htm) to scan the network. It just sends out a ping to every address in a range of addresses and reports back on which ones answer. Snort (an intrusion detector http://www.snort.org/) could also be used to look for any addresses which were not in the correct range but you would have to have your switch set correctly for it to work.
HP's Toptools which comes with HP switches apparently has some way of connecting IP addresses to MACs. Never used it so can't say for sure.
1st thank you for the fast help. i will use Hewlett Packard ProCurve 2524M and as a backbone Hewlett Packard ProCurve 4108GL i think or better i hope with this components my vision will work ;)
do i understand right? i can't block ranges of IP's? because i want the Users to stay in a special Range so i could find them faster.
What is with HP OpenView will this works or is getif better?
You can't MAKE people stay in a range, but you can prevent people 'out of the range you want' to access the network, thru Access list. On 2524, it is perfectly possible. Read ftp://ftp.hp.com/pub/networking/software/59692354.pdf (beware, heavy file, get list from http://www.hp.com/rnd/support/manuals/23xx_25xx.htm Openview an getif are not of the same kind ! Getif is used to scan the network and get a reply, letting you know which IP are on the network, Openview is a full featured management software, far more powerfull (and expensive !).
With these access lists, you will undoubtedly force people to stay in the range you wish, as they will have no network if they are out of it !
Thanks to assign points if all this is useful to you, that's how Ron and I are fed !
HP OpenView will automatically discovery all active hosts on a network. Its major drawback is its cost. It's a major purchase whereas getif is free but has to be run manually.
ok so i have to test getif. :) could i ask you if i have problems setting up getif? I think i will find manuals in the net but if i wouldn't success i will ask.
I'll try to clarify a couple of things here to prevent misunderstandings.
Fist, 25XX-series is strictly layer2 device. That means there's no way you can create access lists with that, you can control IP broadcasts but that's it.
41XX-series does understand some layer3 features like you can create 16 static routes, but no ACLs there either.
What you can do, as advised already, is create port-based VLANs. You can configure each VLAN to a separate subnet. Also you can control on how many MAC addresses the switch will learn on a port.
If you truly want to be able to control things with ACLs, you need a router or a routing switch. In HP range this is currently limited to 53XX and 93XX-series.
Check the management and configuration guides, they're indeed very comprehensive things.
OK, but how is it with Game-Servers they share the games via Broadcasts and when i have a routing Switch is it possible that the games wouldn't be found by the Clients?
And when i set up VLANs for the backbone Switch... the Clients could use IPs they want but they get no connection to others???
