prevent ip conflict

jemekeren
Level 1

Hello. Does a Cisco switch have a feature to prevent IP conflicts on the LAN? At my office, an IP is usually grabbed by an unintended user.

bjornarsb
Level 4

Hi,

This is a relatively large migration process, but

Cisco Network Admission Control (NAC) is an industry-wide collaboration led by Cisco, which focuses on limiting the damage of security threats, and it would also prevent your IP conflict issues.

Using NAC and Cisco Catalyst switches, administrators can restrict network access to only compliant and trusted endpoint devices (such as PCs, servers, and personal digital assistants [PDAs]). NAC enables Cisco switches to enforce access privileges when an endpoint device attempts to connect to a network. This decision can be based on information about the endpoint device such as its current antivirus state and OS patch level. NAC allows administrators to manage noncompliant devices in several ways: they can be denied access, placed in a quarantined area, or given restricted access to computing resources.

NAC is part of the Cisco Self-Defending Network, a strategy to dramatically improve the network's ability to automatically identify, prevent, and adapt to security threats.

The switches demand host credentials from the Cisco Trust Agent and relay this information to policy servers where NAC decisions are made. Based on customer-defined policy, the network enforces the appropriate admission control decision: permit, deny, quarantine, or restrict. These ACLs are configured automatically in the edge switches based on the policy returned to the switch. If clients do not authenticate correctly, they can be placed in the "quarantine VLAN" so that they can update their virus-checking software or client-based security agents. It is possible that, based on 802.1x authentication, the port is enabled, only to be restricted or denied because a device is not considered "safe."

Regards,

Bjornarsb

Hi. Is NAC hardware-based? Where is it located? And how do NAC, the switch and the policy work? Is the policy server actually ACS? Thanks.

Hi,

Please have a look at this at-a-glance doc:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns466/c643/cdccont_0900aecd800fdd58.pdf

Hope this is clarifying!

Regards,

Bjornarsb

Just check that Cisco NAC works with Cisco switches only. But Juniper UAC works with other vendors' switches also.

The best low-cost solution will be to enable DHCP on your network.

Hi,

Enabling DHCP cannot prevent unintended users from manually configuring an IP on their PCs?

Regards,

Bjornarsb

Hi,

I guess that you should at least enable IEEE 802.1x authentication?

Regards,

Bjornarsb
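As an added example (not posted by anyone in this thread), this is a minimal Catalyst access-port configuration for the 802.1x authentication and "quarantine VLAN" behaviour described in the replies above. The VLAN numbers, names, interface, RADIUS address and shared secret are assumptions chosen for illustration, the syntax is that of IOS 15.x and differs on older releases, and posture checks (antivirus state, patch level) still require a NAC policy server that this fragment does not configure.

```ios
! Added illustration. All names, VLAN IDs and addresses are assumptions.
aaa new-model
!
! Policy/RADIUS server that makes the admit decision (192.0.2.10 is a
! documentation address; replace the key placeholder with your own secret).
radius server POLICY-SRV
 address ipv4 192.0.2.10 auth-port 1812 acct-port 1813
 key <RADIUS-SHARED-SECRET>
!
aaa authentication dot1x default group radius
aaa authorization network default group radius
!
! Enable 802.1x globally on the switch.
dot1x system-auth-control
!
vlan 10
 name STAFF
vlan 99
 name QUARANTINE
!
interface GigabitEthernet0/1
 description User access port
 switchport mode access
 switchport access vlan 10
 ! Port stays unauthorized until the attached host authenticates.
 authentication port-control auto
 dot1x pae authenticator
 ! Hosts that fail authentication are placed in the quarantine VLAN.
 authentication event fail action authorize vlan 99
 ! Hosts with no 802.1x supplicant are placed there as well.
 authentication event no-response action authorize vlan 99
 spanning-tree portfast
!
! Verification from the switch CLI:
!   show dot1x all
!   show authentication sessions interface GigabitEthernet0/1
```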
