Splitting an ISP allocated range to multiple networks with a single public IP each (Layer 3 Switch)



Yeah, totally understand the loss of addresses. I am assuming here the tenants need public static addresses, no DHCP, and the public addresses are not routed, just hanging off the ISP's router. I am leaving out the organization firewall here for simplicity.

Here we have 3 tenants all in the same public subnet. Can you put in an ACL or something on a switch to say, Tenant A, you can only assign this address (63.210.162.151) on your router, and if you try to configure an IP address of Tenant B/C it will be prevented? Then two ACLs on each tenant switchport to say, allow access to the gateway 63.210.162.150/24 and deny all other traffic to other tenants in that subnet. Basically, just trying to segregate the tenants using the /24 just as if you gave them small individual subnets, but you would be saving the IPs because you didn't have to subnet the /24 for each tenant. Hope I am making sense here.

net.GIF
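
Added example, not part of the original post: a small Python model of the per-port policy described above (bind each tenant port to one source address, permit the gateway, deny the rest of the shared /24). The port names, the Tenant B/C addresses, the off-subnet test address and the explicit "permit everything else" rule are assumptions made for the illustration.

```python
import ipaddress

SUBNET = ipaddress.ip_network("63.210.162.0/24")   # shared public /24 from the post
GATEWAY = ipaddress.ip_address("63.210.162.150")   # ISP router address from the post

# Port-to-address bindings. Tenant A's address is from the post; the port
# names and the Tenant B/C addresses are constructed for this example.
PORT_BINDINGS = {
    "port1": ipaddress.ip_address("63.210.162.151"),  # Tenant A
    "port2": ipaddress.ip_address("63.210.162.152"),  # Tenant B (constructed)
    "port3": ipaddress.ip_address("63.210.162.153"),  # Tenant C (constructed)
}

def evaluate(port, src, dst):
    """Return (action, reason) for an IP packet entering a tenant port."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    bound = PORT_BINDINGS.get(port)
    if bound is None:
        return ("deny", "unknown port")
    # Rule 1: the source must be the one address bound to this port.
    if src != bound:
        return ("deny", "source not assigned to this port")
    # Rule 2: the gateway is reachable. This must be checked before the
    # subnet-wide deny, because the gateway lives inside the same /24.
    if dst == GATEWAY:
        return ("permit", "gateway")
    # Rule 3: every other host in the shared /24 is another tenant.
    if dst in SUBNET:
        return ("deny", "other host in shared subnet")
    # Rule 4 (assumed): destinations outside the /24 are permitted, since
    # that traffic is routed by the gateway.
    return ("permit", "off-subnet destination")

# Constructed sample packets: (ingress port, source IP, destination IP).
SAMPLE_PACKETS = [
    ("port1", "63.210.162.151", "63.210.162.150"),  # A -> gateway
    ("port1", "63.210.162.151", "198.51.100.10"),   # A -> off-subnet host
    ("port1", "63.210.162.151", "63.210.162.152"),  # A -> Tenant B
    ("port1", "63.210.162.152", "198.51.100.10"),   # A using B's address
    ("port2", "63.210.162.152", "63.210.162.153"),  # B -> Tenant C
]

def run_samples():
    return [evaluate(*pkt)[0] for pkt in SAMPLE_PACKETS]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        print(pkt, "->", evaluate(*pkt))
```

The model covers IP packet filtering only; ARP and other non-IP traffic on the shared segment are outside what it evaluates.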

Why can you not do it via DHCP?

You cannot keep someone from fat fingering an IP when it's static. I have been doing this for years and years, and many a setup where given a few IPs out of block and never had any issues with dup IPs. If someone fat fingers their IP and it steps on mine, they are not going to work. So they should figure it out very quickly that they have the wrong IP, etc.

But in your example I would hand out those IPs via DHCP.
