07-24-2015 05:49 AM - edited 02-21-2020 05:32 AM
Hello lads,
I was wondering the other day how could I prevent a host causing IP duplication on the network.
The situation:
We are using DHCP sever on the network with MAC based authentication, so only users get address from the DHCP who's are on the list with their MAC address.
But people who give statically IP address to their device can use the network. If they can find out
So here comes the problem. In some case they add IP address which is already used and it will cause IP duplication.
I want to prevent this to happen by shutting down the port or prevent this to happen.
Mean while I also want to manage it dynamically by not to add each MAC address of the servers or the gateways etc.
Any help is appreciated!
Thanks,
Dave.
08-09-2015 07:26 PM
Hi,
What switches are you using? You could look at dhcp snooping, arp inspection and source guard. This will force users to use dhcp.
Thanks
John
08-10-2015 01:42 AM
Hello,
We are using 2950, SG200, 3560 switches.
Do you have best any best practice list how to implement those with functions ?
Thanks!
Dave.
08-10-2015 05:11 PM
Hi,
Have a look at the following docs:
http://www.cisco.com/c/en/us/support/docs/switches/catalyst-3750-series-switches/72846-layer2-secftrs-catl3fixed.html
http://www.cisco.com/c/en/us/td/docs/solutions/Enterprise/Security/SAFE_RG/SAFE_rg/chap8.html#wp1053552
Thanks
John
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: