HPE Community
Operating System - Linux
1832385 Members
3056 Online
110041 Solutions
New Discussion

IP Conflict

 
Leovino A. Trinidad, Jr
Frequent Advisor

‎10-04-2004 07:02 PM

‎10-04-2004 07:02 PM

IP Conflict

Hi!

I want to ask how do you prevent a server from IP conflict? We just had this occured in one of our critical production linux server. Can we use IPTables for this?

Regards,


LAT
0 Kudos
Reply
10 REPLIES 10
Slawomir Gora
Honored Contributor

‎10-04-2004 07:21 PM

‎10-04-2004 07:21 PM

Re: IP Conflict

Hi,

maby you can use arping.
0 Kudos
Reply
Vitaly Karasik_1
Honored Contributor

‎10-04-2004 07:58 PM

‎10-04-2004 07:58 PM

Re: IP Conflict

IMHO, you cannot prevent IP conflicts without users educations/Network policy.
[User can boot his computer with random IP, start DHCP server, etc]

Regarding technical tools - probably you can play with switches configuration in order to connect MAC and IP.

0 Kudos
Reply
HGN
Honored Contributor

‎10-05-2004 12:44 AM

‎10-05-2004 12:44 AM

Re: IP Conflict

Hi

This has happened many times on our environment, this can be prevented only by us by making sure that this ip does not exist elsewhere,nslookup can be used. Also talking to the network people who assign the IP for them to make sure that also don't assign duplicate IP's.

Rgds

Gopi
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎10-05-2004 06:05 AM

‎10-05-2004 06:05 AM

Re: IP Conflict

IP conflict is not an environment in which democracy flourishes. You need a dictatorship.

There has to be one person who is anal and keeps good records and hands out IP addresses.

A lot of issues are resolved by setting up a DHCP pool for clients and requiring all users to use this model. Users should never be allowed to assign their own IP addresses.

Sysadmins MUST be required to go to the dictator to get server ip addresses.

In this environment there will be little conflict.

Point up these guys, they gave you nice input Sir.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Leovino A. Trinidad, Jr
Frequent Advisor

‎10-05-2004 01:47 PM

‎10-05-2004 01:47 PM

Re: IP Conflict

Hello!

Thank you guys for your help and for sharing your ideas on how to prevent the conflict. I am just wondering, can it happen that the conflict will occur not within the LAN but in WAN (internet). arping is a fine tool but what if you do not have control to the machine conflicting with your server... just a thought. Hope there could be a good remedy on it aside from tracing the conflicting machine.

Again, thank you.


LAT
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎10-05-2004 02:44 PM

‎10-05-2004 02:44 PM

Re: IP Conflict

Forcing ARP tables on switches/routers is about as close as you can get to forcibly disallow IP conflicts.

It doesn't stop a user from trying to use an already assigned IP, but at least if the ARP tables in the switch/routers are forced (read: static, not dynamic), even if the users do do the stupid, it won't harm as much.

But SEP is right. You do need a *SINGLE* person, or process, to assign IP addresses to users/admins. Having a distributed collective dole out addresses is just asking for pain.
One long-haired git at your service...
0 Kudos
Reply
Stuart Browne
Honored Contributor

‎10-05-2004 02:45 PM

‎10-05-2004 02:45 PM

Re: IP Conflict

Oh, note.. Manually (statically) filling in ARP tables is a painful, PAINFUL process. I'd not reccomend using this method for a large amount of systems, but it can be useful for a few core systems which require just a little more stability than the rest of the users.
One long-haired git at your service...
0 Kudos
Reply
Johannes Krackowizer_1
Valued Contributor

‎10-05-2004 10:55 PM

‎10-05-2004 10:55 PM

Re: IP Conflict

hi,

static arp tables in switches are very nice but i don't use them because it's horrible to update them everytime you change something in the network (for example replace a broken nic in a workstation or someone wants to connect his notebook to the network, ...). my solution to the problem was:

set up a dhcp server.
the servers got static ip adresses (172.16.0.x)
the employes can't change there ip settings and there computers are configuered to use dhcp.
The dhcp server has an address pool (172.16.2.x - 172.16.254.x).
For special computers (print-servers, propitary software on some clients, ...) i have reserved ip-addresses (172.16.1.x). The ip's are connected with a mac address so i have to update my reserved ip-mac only if i change some special workstations.

johannes
"First off, I'd suggest printing out a copy of the GNU coding standards, and NOT read it. Burn them, it's a great symbolic gesture." (Linus Torvalds)
0 Kudos
Reply
Yu Wang_1
New Member

‎10-06-2004 01:51 AM

‎10-06-2004 01:51 AM

Re: IP Conflict

Try to put all servers in a VLAN and put rest of ports that allow users to plugin in a different VLAN. This way, user can only mess up within that VLAN.

--Yu
0 Kudos
Reply
Yong_7
Frequent Advisor

‎10-06-2004 04:03 AM

‎10-06-2004 04:03 AM

Re: IP Conflict

Hi Leovino,

if you major concern is public IP conflict. say the Public IPs you got from your ISP conflict with other customers like you. then in order to trace to who have that conflict IPs, the ISP would be good contact.

of course, to trace who is using the IPs you think belong to you, ARP will help you and your ISP to dig that out. as other folks mentioned before, we need well-maintained operation process to handle IP assignment internally ( your company )/ externally ( ISP etc. )

YJ
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.