
I had a large area LAN. There were many switches and APs on it. Then somehow I couldn't ping my servers, and it said that the IP was duplicated. I used arpwatch and found out that one of the switches was flip-flopping the IP. I isolated that troublesome switch using its MAC address.

But, since this is a large area LAN... I doubt this will be the last case. Is there any software or hardware that I can use to prevent this kind of error?

Sorry for my bad English.

Ta Coen
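The question's arpwatch finding (one IP alternating between two MAC addresses) comes down to tracking which MAC currently answers for each IP and flagging when an IP reverts to a MAC seen earlier. The following is an added example, not code from the question or from arpwatch itself; it models arpwatch's "changed" and "flip flop" notions over a constructed list of ARP observations with hypothetical addresses.

```python
from collections import defaultdict
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample ARP observations (hypothetical addresses), in the order seen.
# 10.0.0.20 alternates between two MACs, i.e. a duplicate IP on the segment.
OBSERVATIONS = [
    ("10.0.0.10", "00:11:22:33:44:55"),
    ("10.0.0.20", "00:aa:bb:cc:dd:01"),
    ("10.0.0.20", "00:aa:bb:cc:dd:02"),  # a second station claims the IP
    ("10.0.0.20", "00:aa:bb:cc:dd:01"),  # reverts to the first MAC: flip flop
    ("10.0.0.20", "00:aa:bb:cc:dd:02"),  # and back again
    ("10.0.0.10", "00:11:22:33:44:55"),  # unchanged, no event
]

class ArpTracker:
    """Tracks the MAC currently answering for each IP and records conflicts."""

    def __init__(self) -> None:
        self.current: Dict[str, str] = {}                   # ip -> last MAC seen
        self.seen: Dict[str, Set[str]] = defaultdict(set)   # ip -> every MAC seen
        self.events: List[Tuple[str, str, str, Optional[str]]] = []

    def observe(self, ip: str, mac: str) -> Optional[str]:
        """Record one ARP observation; return the event kind, or None if nothing changed."""
        mac = mac.lower()
        prev = self.current.get(ip)
        if prev is None:
            kind: Optional[str] = "new station"
        elif prev == mac:
            kind = None
        elif mac in self.seen[ip]:
            kind = "flip flop"      # reverted to a MAC seen before: classic duplicate IP
        else:
            kind = "changed"        # IP moved to a MAC never seen for it (could be legitimate)
        self.current[ip] = mac
        self.seen[ip].add(mac)
        if kind:
            self.events.append((kind, ip, mac, prev))
        return kind

    def conflicting_ips(self) -> Dict[str, List[str]]:
        """IPs that have been claimed by more than one MAC, with the MACs involved."""
        return {ip: sorted(macs) for ip, macs in self.seen.items() if len(macs) > 1}

def analyze(observations: List[Tuple[str, str]]) -> ArpTracker:
    tracker = ArpTracker()
    for ip, mac in observations:
        tracker.observe(ip, mac)
    return tracker

if __name__ == "__main__":
    result = analyze(OBSERVATIONS)
    for event in result.events:
        print(event)
    print(result.conflicting_ips())
```

The MACs reported for a conflicting IP are what you would then look up in the switches' MAC tables to find the port (and thus the device) to isolate, as the question describes.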

3 Answers


If you have a very large broadcast domain then think about segmenting it, either with VLANs or using a layer 3 switch. You'll be able to put all your APs onto one VLAN and associate end stations with function. You'll also cut down on broadcast flooding on your switches, thus increasing performance and lowering the possibility that one end station can DoS your entire LAN.

VLANs are powerful stuff; if you have fairly good/modern switches they should support VLANs, they just need configuring.

You'll be able to implement a better security policy too.

Was the duplicate IP a configuration problem? Or a security problem ;-)

Segment that LAN, before it becomes a monster.

Once you have your VLANs up and going and have regained control of your network, you can look at technologies to prevent IP address duplication.

The Unix Janitor
  • +1, Networks shouldn't have more than about 200 hosts per subnet as a very generic rule of thumb. Also configuring the DHCP Server(s) to ping for an address before handing it out makes sure it's not already in use. – Chris S Mar 19 '10 at 13:10
  • Thanks for the lead! I wonder what product can do layer 3 switching? – Ta Coen Mar 19 '10 at 16:46

It may be that you have a switch loop. Are your switches configured to use STP?

joeqwerty

Do you mean a switch took the address, or that a switch was doing something strange to a workstation on one of its ports that made it look like another user's workstation had your server's IP?

Either way, if the assigned IPs weren't working properly and a restart of the switch didn't fix it, it sounds like you have bad hardware either on that switch or at the user's workstation.

Bart Silverstrim
  • Yes, that's it. The question is how to prevent that "turns out to be" bad hardware from ruining my network? Software/Hardware? – Ta Coen Mar 19 '10 at 13:05
  • VLANs, segmenting, monitoring... anything that helps cut down on the guesswork and partition off damage to the rest of the network when something like this happens. Having a giant, unchecked network can lead to this happening, while segmenting off logical sections will make it more manageable and contained when it does happen. – Bart Silverstrim Mar 19 '10 at 13:12
  • But over-segmenting will lead to management headaches too. You'll have to sit down and analyze your network to see where it's best to carve things up (like is your wireless bridged? Does it need to be?) – Bart Silverstrim Mar 19 '10 at 13:13
  • Basically monitoring. A bad switch can make all kinds of crap that you cannot protect against. – TomTom Mar 19 '10 at 20:37