Cisco Support Community
New Member

prevent ip conflict

Hello, does a Cisco switch have a feature to prevent IP conflicts on the LAN? At my office, an IP is usually grabbed by an unintended user.

6 REPLIES
Bronze

Re: prevent ip conflict

Hi,

This is a relatively large migration process, but Cisco Network Admission Control (NAC) is an industry-wide collaboration led by Cisco, which focuses on limiting the damage of security threats, and it would also prevent your IP conflict issues.

Using NAC and Cisco Catalyst switches, administrators can restrict network access to only compliant and trusted endpoint devices (such as PCs, servers, and personal digital assistants [PDAs]). NAC enables Cisco switches to enforce access privileges when an endpoint device attempts to connect to a network. This decision can be based on information about the endpoint device such as its current antivirus state and OS patch level. NAC allows administrators to manage noncompliant devices in several ways: they can be denied access, placed in a quarantined area, or given restricted access to computing resources.

NAC is part of the Cisco Self-Defending Network, a strategy to dramatically improve the network's ability to automatically identify, prevent, and adapt to security threats.

The switches demand host credentials from the Cisco Trust Agent and relay this information to policy servers where NAC decisions are made. Based on customer-defined policy, the network enforces the appropriate admission control decision: permit, deny, quarantine, or restrict. These ACLs are configured automatically in the edge switches based on the policy returned to the switch. If clients do not authenticate correctly, they can be placed in the "quarantine VLAN" so that they can update their virus-checking software or client-based security agents. It is possible that, based on 802.1x authentication, the port is enabled, only to be restricted or denied because a device is not considered "safe."

Regards,

Bjornarsb

New Member

Re: prevent ip conflict

Hi, is NAC hardware-based? Where is it located? And how do NAC, the switch and the policy work? Is the policy server actually ACS? Thanks...

Bronze

Re: prevent ip conflict

Hi,

Please have a look at this at-a-glance doc:

http://www.cisco.com/application/pdf/en/us/guest/netsol/ns466/c643/cdccont_0900aecd800fdd58.pdf

Hope this is clarifying!

Regards,

Bjornarsb

New Member

Re: prevent ip conflict

Just check that Cisco NAC works with Cisco switches only. But Juniper UAC works with other vendors' switches also.

The best low-cost solution will be to enable DHCP on your network.

Bronze

Re: prevent ip conflict

Hi,

Enabling DHCP cannot prevent unintended users from manually configuring an IP on their PCs?

Regards,

Bjornarsb

Bronze

Re: prevent ip conflict

Hi,

I guess that you should at least enable IEEE 802.1x authentication?

Regards,

Bjornarsb
