Access is not the only reason we ask for non-changing source IP addresses.

I’m not arguing the long-term sensibility of the approach. It’s arguably a 
legacy app and has 5000 endpoints that we have to still support until different 
solutions on our side are complete. That process is outside of my control.

On Jul 30, 2015, at 11:20 AM, Chuck Anderson <c...@wpi.edu> wrote:

People need to really stop using Source IP as an ACL mechanism
wherever possible.  Have you considered using SSL certs or SSH keys
or some other sort of API key instead?  I mean, do you really want
to have to know how the technology of every ISP that every possible
SaaS customer may use to access your service is set up?

On Thu, Jul 30, 2015 at 04:02:06PM +0000, Keith Stokes wrote:
I’m wondering if some can share their experiences or maybe there’s an AT&T 
person here who can confirm policy.

I work for a SaaS provider who requires a source IP to access our system to 
businesses.

Normally we tell the customer to request a “Static IP” from their provider. 
That term makes sense to most ISPs.

However, we’ve recently worked with an AT&T higher-up tech who told us that 
every U-Verse modem is locked to an address even when set to DHCP and will not 
change unless the unit is changed. Ordering a “Static IP” from them means your 
devices will individually get public addresses, which isn’t a requirement for 
us, isn’t quite as easy to add multiple devices and costs our customers more 
money.

Here are my questions:

1. Is it really accurate that the customer’s address is tied to the 
modem/router?

2. For my curiosity, is this done through a DHCP reservation or is there a hard 
coded entry somewhere?

3. Do all U-Verse modem/routers behave the same way? This particular unit was a 
Motorola but the friends I’ve seen with U-Verse use a Cisco unit.


---

Keith Stokes



