prevent ip conflict

Unanswered Question
May 4th, 2007

hello..does cisco switch has feature to prevent ip conflict on the lan? at my office ip is usually grabbed by unintended user.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
bjornarsb Sat, 05/05/2007 - 03:23

Hi,

This is a relative large migration process but

Cisco Network Admission Control (NAC) is an industry wide collaboration led by Cisco, which focuses on limiting the damage of security threats and it would also prevent your ip conflict issues.

Using NAC and Cisco Catalyst switches, administrators can restrict network access to only compliant and trusted endpoint devices (such as PCs, servers, and personal digital assistants [PDAs]). NAC enables Cisco switches to enforce access privileges when an endpoint device attempts to connect to a network. This decision can be based on information about the endpoint device such as its current antivirus state and OS patch level. NAC allows administrators to manage noncompliant devices in several ways: they can be denied access, placed in a quarantined area, or given restricted access to computing resources.

NAC is part of the Cisco Self-Defending Network, a strategy to dramatically improve the network's ability to automatically identify, prevent, and adapt to security threats.

The switches demand host credentials from the Cisco Trust Agent and relay this information to policy servers where NAC decisions are made. Based on customer-defined policy, the network enforces the appropriate admission control decision: permit, deny, quarantine, or restrict. These ACLs are configured automatically in the edge switches based on the policy returned to the switch. If clients do not authenticate correctly, they can be placed in the "quarantine VLAN" so that they can update their virus-checking software or client-based security agents. It is possible that, based on 802.1x authentication, the port is enabled, only to be restricted or denied because a device is not considered "safe."

Regards,

Bjornarsb

jemekeren Sun, 05/06/2007 - 22:04

hi..is NAC hardware based? where it is located? and how NAC and switch and Policy works? does the policy server is actually ACS? tx ...

bjornarsb Tue, 05/08/2007 - 02:58

Hi,

Enabling dhcp cannot prevent unintended users to manually configure IP on their PC's ?

Regards,

Bjornarsb

bjornarsb Tue, 05/08/2007 - 03:02

Hi,

I quess that you at least should enable IEEE 802.1x Authentication ?

Regards,

Bjornarsb

Actions

This Discussion