What are features for detecting duplicate ip addresses?

Thotsaphon Lueangwattanaphong · ‎09-11-2007

I wanna know what features of cisco 3750 for detecting duplicate ip addresses.let's say I assign 5 IP addresses for my managers by using the dhcp server.If someone(internal users) try to set those ip addresses manually then how do I (prevent/detect) duplicate ip addresses in this case.

What are features of cisco 3750 can do?

please feel free to add any comments

Thanks

Thot

Kevin Dorrell · ‎09-11-2007

I think the DHCP server will check that an IP address is not in use (by ARPing for it) before it issues it.

Conversely, a statically configured PC will also do an ARP for its own address before it boots up, and if it detects a conflict it will tell the user and not boot. I cannot say what other types of host might do.

If you really want to tie it down, you could make a fixed DHCP mapping, but this can get administratively heavy on a big site.

Kevin Dorrell

Luxembourg

jcoke · ‎09-11-2007

Take a look at IP Source Guard. It's one part of a really nice suite of features aimed at layer 2 security. It rides on DHCP snooping which, in and of itself, is useful for blocking rogue DHCP servers.

DHCP Snooping and IP Source Guard on the 3750

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00805a6568.html

You might also consider adding Dynamic ARP Inspection to round out the trio.

http://www.cisco.com/en/US/products/hw/switches/ps5023/products_configuration_guide_chapter09186a00805a64f2.html