How can I prevent a user from assigning a duplicate static IP?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-08-2017 02:34 PM
Recently a student assigned a static IP to their personal device connected to our network. The IP they chose was the default gateway IP of the vlan. This caused alot of problems as there was now an IP conflict.
I was wondering what kind of configuration I could put on my extreme 440/450s on the edge to prevent this. On reddit someone said on cisco this would be called " ip arp inspection and ip source guard". I looked on Gtac and saw something like this. If this is a solution, could I see an sample configuration to stop an edge port from using a static IP of say 10.18.96.1?
Thanks
I was wondering what kind of configuration I could put on my extreme 440/450s on the edge to prevent this. On reddit someone said on cisco this would be called " ip arp inspection and ip source guard". I looked on Gtac and saw something like this. If this is a solution, could I see an sample configuration to stop an edge port from using a static IP of say 10.18.96.1?
Thanks
11 REPLIES 11
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-10-2017 10:20 AM
what about using IP duplicate address detection DAD ?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-08-2017 03:27 PM
Well when I read the paragraph it makes it seem like when you enable Source-IP lockdown, it denys all traffic on the port in an ACL. Then it creates another ACL that allows only DHCP traffic. So maybe that IS actually forcing the port to be DHCP only.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-08-2017 03:27 PM
My next thought was to force a port to only allow DHCP devices. Though, I'm not sure how to do that at the moment.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Get Direct Link
- Report Inappropriate Content
‎12-08-2017 03:25 PM
This is an interesting problem. I've never encountered this before.
You could try using network policy to block traffic from that IP (and any other restricted IP) on user ports.
You could try using network policy to block traffic from that IP (and any other restricted IP) on user ports.
