Cisco Support Community
Community Member

Control duplicated IP

Hello,

We assign static IP addresses to all equipment on our network. The issue is that when someone sets the IP of another server, it can cause packet collisions and bring the connection down.

I thought of a solution: create an ACL for each port, as follows:

    ip access-list standard IP-f0/1
     permit host 192.168.1.2
     deny any
    !
    interface f0/1
     ip access-group IP-f0/1 in

With this configuration, only the IP 192.168.1.2 can be assigned to any equipment attached to f0/1. Do you think this can be the solution?

Regards.

2 REPLIES
Hall of Fame Super Bronze

Re: Control duplicated IP

That may be a solution but way too cumbersome and requires a lot of administrative work.

How about using DHCP with IP address reservations or static mappings? You can then deploy DHCP snooping with IP Source Guard.

This option is more scalable and requires less administrative work in the switches.

The following is some reading documentation from the 3560 Series:

http://www.cisco.com/en/US/docs/switches/lan/catalyst3560/software/release/12.2_20_se/configuration/guide/swdhcp82.html#wp1138804

HTH,

__

Edison.

Hall of Fame Super Silver

Re: Control duplicated IP

Hello,

I agree with Edison: it is so easy to swap two LAN cables during maintenance work, and if someone does it you have two servers isolated! And it is not scalable.

With a DHCP server the new host can get its IP address dynamically and then you can associate this IP address to the host's NIC MAC address (a reservation).

With DHCP snooping and IP Source Guard you protect your network from some possible attacks, and you dynamically get a binding of an IP address and the switch port where the host's NIC is connected.

Best Regards

Giuseppe
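
The DHCP snooping and IP Source Guard setup suggested in the replies, as an added configuration sketch that is not part of the original thread. VLAN 10, the uplink port Gi0/1, the access port Fa0/2 and the MAC address are assumptions chosen for illustration; the IP 192.168.1.2 and port f0/1 are from the question.

```cisco
! Added example: assumed VLAN 10, uplink Gi0/1, sample MAC 0011.2233.4455.
!
! 1. Enable DHCP snooping globally and on the access VLAN.
ip dhcp snooping
ip dhcp snooping vlan 10
!
! 2. Trust only the port that leads to the DHCP server.
!    Every other port stays untrusted, so DHCP server replies
!    arriving on an access port are dropped.
interface GigabitEthernet0/1
 description Uplink toward DHCP server (assumed)
 ip dhcp snooping trust
!
! 3. Access port for a host that gets its reserved address via DHCP.
!    IP Source Guard permits only the source IP recorded in the
!    snooping binding table for this port.
interface FastEthernet0/2
 switchport mode access
 switchport access vlan 10
 ip verify source
!
! 4. Access port for a server that keeps a static address.
!    No DHCP exchange is seen, so the binding is entered by hand.
interface FastEthernet0/1
 switchport mode access
 switchport access vlan 10
 ip verify source
!
ip source binding 0011.2233.4455 vlan 10 192.168.1.2 interface FastEthernet0/1
!
! Verification from exec mode:
!   show ip dhcp snooping binding
!   show ip source binding
!   show ip verify source
```

For DHCP clients the binding is learned per port automatically, so a swapped cable is corrected on the next lease exchange; the manual `ip source binding` entry in step 4 still has to be moved by hand, like the per-port ACL in the question.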
