IP Conflict ...

sanjaynadarajah · ‎03-22-2006

Hi,

I would like to know is there

anyway to avoid IP conflicts in a large campus network.

I work in a manufacturing whereby I face this issue on and off. Is there any way to avoid this, ie) any commands

... setting the port to a few allowed mac addresses ??

Why can't the router just reject an IP that it is already in use in production ?? Can't it check the ARP table as a safe mechanism to avoid IP conflict ?

Please enlighten me people,

Thank you,

-SN-

vladrac-ccna · ‎03-22-2006

Hello SN,

Never seen this kind of feature before, either.

the only thing close to this would be DAI Dynamic ARP Inspection :

DAI is a security feature that validates ARP packets in a network. DAI intercepts, logs, and discards ARP packets with invalid IP-to-MAC address bindings. This capability protects the network from some man-in-the-middle attacks.

DAI ensures that only valid ARP requests and responses are relayed. The switch performs these activities:

•Intercepts all ARP requests and responses on untrusted ports

•Verifies that each of these intercepted packets has a valid IP-to-MAC address binding before updating the local ARP cache or before forwarding the packet to the appropriate destination

•Drops invalid ARP packets

DAI determines the validity of an ARP packet based on valid IP-to-MAC address bindings stored in a trusted database, the DHCP snooping binding database. This database is built by DHCP snooping if DHCP snooping is enabled on the VLANs and on the switch. If the ARP packet is received on a trusted interface, the switch forwards the packet without any checks. On untrusted interfaces, the switch forwards the packet only if it is valid.

DAI can validate ARP packets against user-configured ARP access control lists (ACLs) for hosts with statically configured IP addresses.

Vlad

WAYNE MOORE · ‎03-23-2006

are you using DHCP?? if so is the DHCP on the router ?

-WM