cancel
Showing results for 
Search instead for 
Did you mean: 

How can I prevent a user from assigning a duplicate static IP?

How can I prevent a user from assigning a duplicate static IP?

Jared_Sabin
New Contributor
Recently a student assigned a static IP to their personal device connected to our network. The IP they chose was the default gateway IP of the vlan. This caused alot of problems as there was now an IP conflict.

I was wondering what kind of configuration I could put on my extreme 440/450s on the edge to prevent this. On reddit someone said on cisco this would be called " ip arp inspection and ip source guard". I looked on Gtac and saw something like this. If this is a solution, could I see an sample configuration to stop an edge port from using a static IP of say 10.18.96.1?

Thanks
11 REPLIES 11

Ahmed_Haroun
New Contributor III
what about using IP duplicate address detection DAD ?

Jared_Sabin
New Contributor
Well when I read the paragraph it makes it seem like when you enable Source-IP lockdown, it denys all traffic on the port in an ACL. Then it creates another ACL that allows only DHCP traffic. So maybe that IS actually forcing the port to be DHCP only.

My next thought was to force a port to only allow DHCP devices. Though, I'm not sure how to do that at the moment.

Terren_Crider
New Contributor II
This is an interesting problem. I've never encountered this before.

You could try using network policy to block traffic from that IP (and any other restricted IP) on user ports.

GTM-P2G8KFN