IMPB configuration question
Good evening.
We have just installed two T1600G-52TS switches. Everything is working very well, but I have a question.
I have some publicly routable IPv4 addresses on that switch, and one of the connected servers is considered untrusted. The server shall run several virtual machines with publicly routable IPv4 addresses, but we want to prevent a VM on this server from using an IPv4 address not assigned to this machine. We want to limit a specific port on the switch to only use specific IPv4 addresses, regardless of the MAC, because the MAC address will be randomized for new VMs (the NIC on the server is in promiscuous mode, so we cannot use the actual MAC of the NIC for filtering).
I have tried the "Security" feature IPv4-IMPB > IPv4 source guard. When I activate the desired port for SIP, it instantly becomes entirely unreachable. If I use the IMPB feature, it asks me to provide the MAC address, which I don't want to filter. I cannot activate IMPB without the MAC and a VLAN ID (which is also not set, because it would require the "untrusted" machine to cooperate).
Any ideas how to achieve this? Random MAC, specific port, only allow several IPv4 addresses as source IP? Port Isolation won't be applicable, as the untrusted machine and its VMs have to connect to the other nodes on the switch.
Thank you very much,
der Kraus