how prevent IP conflict

Dan Sahlin dan.sahlin at raycore-fos.com
Fri Dec 20 07:39:18 UTC 2013 

Yes, a DHCP server itself cannot solve this problem.

However, for access networks, i.e. networks used for Internet connection to
end users in Sweden, the standard solution since 2005 is to use the SEC
standard on the access switch, see http://www.sakerkundanslutning.se/
It contains a detailed description of DHCP snooping and other things the
users might do to by mistake or intentionally to disrupt Internet
connectivity for each other.

Nowadays, most access switches can be configured in SEC mode.
For an office, where you normally have more control of the users, SEC is
not used as it would make it difficult to reach common resources and
communication between the computers, but you seem to need it!

     /Dan

Dan Sahlin, Raycore, Sweden


2013/12/20 Glenn Satchell <glenn.satchell at uniq.com.au>

> On Fri, December 20, 2013 9:28 am, Steven Carr wrote:
> > On 19 December 2013 22:19, Adam Moffett <adamlists at plexicomm.net> wrote:
> >> It might be easier to have a simple, open network design and employ a
> >> SWAT
> >> team to handle abusers.
> >
> > You could spin up a second network, keep everything that is needed to
> > keep the network running on that network and then let the users have
> > full access to the "dirty" network, if they mess about and cause
> > problems for other users then I'm sure they'll get the message when
> > another user starts shouting at them, meanwhile the network services
> > will continue to function as normal.
>
> Until he picks the IP of the router or gateway :)
>
> There is no easy technical solution to this. Perhaps 802.1x might help
> (where the system has to authenticate to the network before gaining
> access. Then you could block if they have an invalid IP address.)
>
> regards,
> -glenn
>
>
> _______________________________________________
> dhcp-users mailing list
> dhcp-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/dhcp-users
>



-- 

Dan Sahlin

*RAY*
*CORE *Fiber Optic Solutions AB

*Mobil:*    +46 70 519 81 87
*Kontor:*  +46 8 618 72 05
*Fax:*       +46 8 618 72 09
*e-post:*    dan.sahlin at raycore-fos.com

*Post:*   Box 2022, 131 02 Nacka
*Besök:*   Vattenverksvägen 8, 131 41 Nacka
*Webbsida:*  *http://www.raycore-fos.com <http://www.raycore-fos.com/>*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.isc.org/pipermail/dhcp-users/attachments/20131220/fe5cbb3c/attachment-0001.html>

More information about the dhcp-users mailing list