Duplicate IP guard

YARIV COHEN · ‎07-19-2010

Hi

I have 2 Nortel Passport 8610 as a backbone switch and configure with some vlans. Each vlan have an ip address and a VRRP address which serve as a D.G.

A few days ago someone connected a new server to vlan 10 and configure it with an ip address of the VRRP ip address.

Of course this cause a duplicate IP and all the server connected to this vlan changed the mac address of this server instead of the VRRP mac address which cause a network downtime.

My question:

Is there any feature at cisco 6500 & catalyst switches that could prevent from this being happening ?

If there is any solution/ feature it will help me to convince my bosses to replace our backbone to CISCO.

Thanks

Edison Ortiz · ‎07-19-2010

IP Source Guard along with a static entry will help, for more info - please read:

http://www.cisco.com/en/US/docs/switches/lan/catalyst6500/ios/12.2SX/configuration/guide/ipsrcgrd.html

Regards,

Edison

YARIV COHEN · ‎07-19-2010

First of al thanks.

From managment prespective it will be a nightmare because I have more then 1500 servers spread out overs 12 Backbone switches, and more the 200 virtual servers.

Edison Ortiz · ‎07-20-2010

You can use DHCP for the servers (manual mapping) and implement DHCP Snooping instead of using static database on the switches.

There isn't any magic bullet solution to prevent the issue of duplicate addressing when someone manually enters this information on a host.