This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

How can I prevent a user from assigning a duplicate static IP?

How can I prevent a user from assigning a duplicate static IP?

Jared_Sabin
New Contributor

‎12-08-2017 02:34 PM

Recently a student assigned a static IP to their personal device connected to our network. The IP they chose was the default gateway IP of the vlan. This caused alot of problems as there was now an IP conflict.

I was wondering what kind of configuration I could put on my extreme 440/450s on the edge to prevent this. On reddit someone said on cisco this would be called " ip arp inspection and ip source guard". I looked on Gtac and saw something like this. If this is a solution, could I see an sample configuration to stop an edge port from using a static IP of say 10.18.96.1?

Thanks
0 Kudos
11 REPLIES 11

Ahmed_Haroun
New Contributor III

‎12-10-2017 10:20 AM

what about using IP duplicate address detection DAD ?
0 Kudos

Jared_Sabin
New Contributor

‎12-08-2017 03:27 PM

Well when I read the paragraph it makes it seem like when you enable Source-IP lockdown, it denys all traffic on the port in an ACL. Then it creates another ACL that allows only DHCP traffic. So maybe that IS actually forcing the port to be DHCP only.
0 Kudos

Terren_Crider
Contributor
In response to Jared_Sabin

‎12-08-2017 03:27 PM

My next thought was to force a port to only allow DHCP devices. Though, I'm not sure how to do that at the moment.
0 Kudos

Terren_Crider
Contributor

‎12-08-2017 03:25 PM

This is an interesting problem. I've never encountered this before.

You could try using network policy to block traffic from that IP (and any other restricted IP) on user ports.

0 Kudos
GTM-P2G8KFN