Control duplicated IP

Unanswered Question
May 26th, 2008


We assign ip of form static to any equipment of our network. The issue is when someone sets a ip of other server, it can cause collision of the packets and down conection.

I thought a solution, if will create a ACL by each port as the following:

ip access-list standard IP-f0/1

permit host

deny any

interface f0/1

ip access-group IP-f0/1 in

With this configuration only can assign the IP to any equipment aggregated to f0/1. do you think that it can be the solution?


I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Edison Ortiz Mon, 05/26/2008 - 09:25

That may be a solution but way too cumbersome and requires a lot of administrative work.

How about using DHCP with IP Address reservations or static mappings. You can then deploy DHCP snooping with IP Source Guard.

This option is more scalable and requires less administrative work in the switches.

The following is some reading documentation from the 3560 Series:




Giuseppe Larosa Mon, 05/26/2008 - 12:02


I agree with Edison, it is so easy to swap two LAN cables during maintenance work and if someone does it you have two servers isolated ! And it is not scalable.

With a DHCP server the new host can get its IP address dynamically and then you can associate this IP address to the host's NIC MAC address (a reservation).

With DHCP snooping and IP source guard you protect your network from some possible attacks and you get dynamically a binding of an IP address and the switch port where the host's NIC is connected.

Best Regards



This Discussion