How to protect registered IP addresses
Hi, Internet Experts, I run into a problem these days. We have a campus network with a class B IP block. This network is connected with Internet. By now, we have thousands of registered users and allocate IP addresses to them. Recently, we installed an accouting system to monitor how much traffic each user had accounted for. Each month, these users should pay their bills based on how much traffic they have used. Soon, we find some problems: Some guys are using the unallocated addresses, and they are accessing Internet wildly; At the same time, other anonymous users are using illegally the addresses of registered users. Here my questions are: First, Is there any better solution to protect the unallocated addresses --- besides access-list? The first selection seems to be adding access-lists on the routers, to block all the unallocted addresses. However, considering the quantity of the IP addresses(a class B), it sure is a great burden to block the addresses one by one(or almost one by one). I'm not sure if cisco routers support such long access-list. Second, how can we protect the IP addresses of registered users from being used by other people ? Any tips are greatly appreciated! regards, Wei Sun
I believe you can just deny by default and allow traffic from the registered address blocks under each interface, on incoming interfaces at your central router (and sub-routers). Nice short list. -george william herbert gherbert@crl.com
participants (2)
-
George Herbert
-
Sun Wei