Easily resolve lan ip conflicts

Source: Internet
Author: User

As a typical enterprise network, the network topology of this unit is roughly divided into three levels, all built with Beidian products. Level 1 consists of ATM switches, network servers, multimedia workstations and other equipment on the backbone network. Level 2 consists of a large number of Ethernet switches that provide high-density ports for the Level 3 desktops, and VLANs (Virtual Local Area Networks) are divided by port (port-based VLAN). The network protocol is TCP/IP, and IP addresses are allocated statically according to a plan drawn up centrally by the network administrators.

Problem statement

We know that when the TCP/IP protocol is used on the Internet or an intranet, each host must have its own IP address, and only hosts with IP addresses can communicate with other hosts on the network. With the vigorous promotion of network applications, the number of network users grows rapidly. Because IP addresses are allocated statically, IP address conflicts are a constant nuisance. An IP address conflict has two very bad effects. First, the affected users cannot work normally: as long as the conflicting machines exist on the network and are powered on, the client keeps reporting address conflicts. Second, if the security policies of an application on the network (such as access permissions and access control) are based on IP addresses, the user of the illegal IP address poses a serious threat to the security of that application system.

Cause Analysis

Such problems sometimes cannot be detected in time: they are discovered only when both conflicting hosts are powered on at the same time, so they are quite concealed. Analysis shows that IP address conflicts may arise in the following situations.

1. Many users know little about TCP/IP and do not know how to set parameters such as "IP address", "subnet mask" and "default gateway". Sometimes the user does not obtain these parameters from the administrator, or the user modifies them without intending to.
2. When the administrator or the user enters the parameters provided by the administrator, a parameter is typed incorrectly.
3. Maintenance personnel use temporary IP addresses while debugging client services.
4. Someone deliberately steals another user's IP address.

Solution

After receiving a conflict report, we first determine the VLAN in which the conflict occurs. From the VLAN definitions in the IP address plan and the conflicting IP address, we can find the network segment where the conflicting address is located. This is critical to successfully finding the MAC address of the NIC, because some network commands cannot work across network segments.

First, isolate the legitimate client from the network so that only the computer with the illegal IP address remains online, where the network administrator can find it. The network test commands used are ping and arp. Run the ping command first. Assume the conflicting IP address is 10.119.40.40. In an MS-DOS window the command and its output look as follows; the lines after the command are the result.

C:\WINDOWS> ping 10.119.40.40

Request timed out

Reply from 10.119.40.40: bytes=32 time<1ms TTL=128 (remaining replies omitted)

We ping this machine for two purposes. First, to confirm that the machine we are looking for is indeed on the network. Second, to learn the MAC address of its NIC: the ping exchange places the host's MAC address in the local ARP cache, which the second command, arp, can then display. The arp command can only be used within a VLAN: ARP is a low-layer protocol and cannot cross routers.

C:\WINDOWS> arp -a

Interface: ...... on Interface ......

Internet Address      Physical Address      Type
10.119.40.40          00-00-21-34-63-56     dynamic

The above list shows that the MAC address of the NIC at 10.119.40.40 is 00-00-21-34-63-56. Next we find the physical location of the NIC with this MAC address.
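To avoid reading the ARP cache by eye, the lookup above can be scripted. This is an added example, not code from the article; the arp -a output it parses is a constructed sample, and reachable_by_arp encodes the same-segment rule stated above (ARP cannot cross a router), using an assumed local address and subnet mask.

```python
import ipaddress
import re

# Constructed sample of Windows "arp -a" output; not captured from the network in the article.
SAMPLE_ARP_OUTPUT = """
Interface: 10.119.40.10 --- 0x2
  Internet Address      Physical Address      Type
  10.119.40.1           00-00-81-65-c3-a0     dynamic
  10.119.40.40          00-00-21-34-63-56     dynamic
  10.119.40.255         ff-ff-ff-ff-ff-ff     static

Interface: 192.168.1.5 --- 0x3
  Internet Address      Physical Address      Type
  192.168.1.1           00-00-a2-f7-c3-e4     dynamic
"""

IFACE_RE = re.compile(r"^\s*Interface:\s*(\d{1,3}(?:\.\d{1,3}){3})")
ENTRY_RE = re.compile(
    r"^\s*(?P<ip>\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"(?P<mac>(?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+"
    r"(?P<type>dynamic|static)\s*$"
)

def parse_arp_table(text):
    """Parse 'arp -a' output into (interface_ip, ip, mac, type) tuples.
    The 'Interface:' header says which local NIC, and so which segment, each entry was learned on."""
    entries, iface = [], None
    for line in text.splitlines():
        m = IFACE_RE.match(line)
        if m:
            iface = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and iface is not None:
            entries.append((iface, m["ip"], m["mac"].lower(), m["type"].lower()))
    return entries

def mac_for_ip(text, target_ip):
    """MAC the cache holds for target_ip, or None if the host never answered the ping."""
    for _, ip, mac, _ in parse_arp_table(text):
        if ip == target_ip:
            return mac
    return None

def reachable_by_arp(local_ip, netmask, target_ip):
    """ARP is link-local: it can only resolve targets on the same segment as the local NIC."""
    net = ipaddress.ip_network(f"{local_ip}/{netmask}", strict=False)
    return ipaddress.ip_address(target_ip) in net
```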

As described in the network introduction, each client's network adapter is connected directly to a second-level switch. Next we search the large number of Ethernet switches for the switch port on which the conflicting MAC address was learned. The devices connecting clients in this network are Bay 303/304 switches. This article uses the 303 as an example of how to find the port location of a MAC address. The Bay 303 supports several network management methods; the following describes how to find the illegal MAC address in a web browser.

Before searching, determine which switches are in the VLAN and find out their IP addresses. You can use a switch's address to access its network management information.

* Start the browser on the network manager's machine.

* Type the IP address of the switch.

* Enter the user name and password when prompted to log on.

* Open the "MAC Address Table" option.

The following table is displayed:

Index   MAC address          Learned on Port   Learning Method   Filter Packets to this Address
1       00:00:21:34:63:56    13                Dynamic           No
2       00:00:81:65:c3:a0    N/A               Static            No
3       00:00:a2:f7:c3:e4    25                Dynamic           No
4       00:00:21:34:63:56    2                 Dynamic           No

Now you can see that the 4th index entry is exactly the MAC address we are looking for, and its port number is 2. Based on the structured cabling records, you can find the physical location of the corresponding information outlet and so locate the connected computer. Of course, this is an example for one specific switch. In actual work we may need to look through many switches to find the MAC address; when there are a large number of switches in a VLAN, we must check them one by one until it is found, which is a very cumbersome task.

If a switch has a downstream switch on one of its ports, the MAC addresses of the lower-level hosts are also recorded in the upper-level switch's MAC table (a single port learns many MAC addresses). Therefore, first look in the MAC table of the upper-level switch to determine which port leads to the right branch, then look in the next-level switch; this greatly reduces the search range.
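The top-down search just described, as an added example that is not part of the article: the switch names, port numbers and MAC tables are a constructed sample, "downlinks" stands in for the wiring records that say which ports lead to a next-level switch, and suspected_downlink_ports is an assumed heuristic for when those records are missing (a port that has learned several MACs is almost certainly another switch, not a desktop).

```python
# Constructed switch hierarchy and MAC tables (assumed names and ports, not the article's switches).
# "table" maps each learned MAC to the port it was seen on; "downlinks" maps a port to the
# next-level switch behind it, as recorded in the wiring documentation.
SWITCHES = {
    "bay303-floor1": {
        "table": {
            "00:00:21:34:63:56": 2,
            "00:00:a2:f7:c3:e4": 2,
            "00:00:11:22:33:44": 2,
            "00:00:81:65:c3:a0": 13,
        },
        "downlinks": {2: "bay304-room305"},
    },
    "bay304-room305": {
        "table": {
            "00:00:21:34:63:56": 7,
            "00:00:a2:f7:c3:e4": 9,
            "00:00:11:22:33:44": 9,
        },
        "downlinks": {9: "bay304-room306"},
    },
    "bay304-room306": {
        "table": {"00:00:a2:f7:c3:e4": 1, "00:00:11:22:33:44": 3},
        "downlinks": {},
    },
}

def suspected_downlink_ports(table, min_macs=2):
    """Heuristic for missing wiring records: ports that learned several MACs are probably trunks."""
    counts = {}
    for port in table.values():
        counts[port] = counts.get(port, 0) + 1
    return {p for p, n in counts.items() if n >= min_macs}

def locate_mac(switches, start, mac):
    """Follow a MAC from the upper-level switch down the hierarchy.
    Returns the list of (switch, port) hops; the last hop is the edge port to look up in the
    cabling records. An empty list means the MAC was not in the starting switch's table."""
    mac, path, current, visited = mac.lower(), [], start, set()
    while current is not None and current not in visited:
        visited.add(current)            # guard against a wiring-record loop
        sw = switches[current]
        port = sw["table"].get(mac)
        if port is None:                # aged out or never learned here: stop with what we have
            break
        path.append((current, port))
        current = sw["downlinks"].get(port)
    return path
```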

Management Policy

On a LAN, such IP address conflicts occur often. The larger the number of users, the more difficult they are to find, so the network administrator must think carefully about the problem. Currently there are two solutions, dynamic IP address allocation (DHCP) and static address allocation, but in either case the management of MAC addresses must be strengthened.

The biggest advantage of dynamic IP address allocation (DHCP) is that client network configuration is very simple: without help or intervention from the administrator, users can configure their network connection on their own. However, because IP addresses are allocated dynamically, the network administrator cannot identify a client from its IP address, and the corresponding IP-layer management becomes ineffective. In addition, dynamic allocation requires an extra DHCP server.

With static IP address allocation, IP addresses can be planned sensibly for each department, which makes it easy to track and manage MAC addresses at layer 3 and also effectively solves this problem.

When a network user connects to the network, a record of the IP address and MAC address is created, and a strict management and registration system is enforced for LAN clients from beginning to end: the IP address, MAC address, uplink port, physical location and user identity of every user are recorded in the network administrator's database. In the case above, once we know the MAC address of the illegal user, we can look it up in the administrator's database. If the MAC address records are complete, we can immediately find the specific user information, which saves a great deal of valuable time and spares us the search for a needle in a haystack. At the same time, we should avoid using IP addresses for the permission restrictions of some applications; restricting on MAC addresses would be much safer and can effectively prevent hackers from stealing IP addresses.
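The registry lookup proposed above, as an added example that is not the article's own code: the registration records and the observed ARP entries are constructed samples, and the audit compares what the ARP cache shows against the plan, naming the registered owner of any NIC found using an IP that is not its own. MAC addresses are normalised first because arp -a prints them with dashes while the switch web page prints them with colons.

```python
# Constructed registration records of the kind proposed above (assumed sample data, not the
# unit's real database): each registered NIC has an IP, MAC, uplink port, location and user.
REGISTRY = [
    {"ip": "10.119.40.40", "mac": "00-00-a2-f7-c3-e4", "port": "303/25",
     "location": "Bldg A, Rm 201", "user": "Finance PC-01"},
    {"ip": "10.119.40.41", "mac": "00-00-21-34-63-56", "port": "303/2",
     "location": "Bldg A, Rm 305", "user": "Lab PC-07"},
    {"ip": "10.119.40.1", "mac": "00-00-81-65-c3-a0", "port": "303/13",
     "location": "Wiring closet", "user": "VLAN gateway"},
]

def normalize_mac(mac):
    """arp -a prints 00-00-21-34-63-56, the switch web UI prints 00:00:21:34:63:56; compare one form."""
    return mac.lower().replace("-", ":")

def audit_arp_entries(observed, registry):
    """Compare observed (ip, mac) pairs from the ARP cache against the registry.
    Each finding is (kind, ip, mac, record_of_the_offending_nic_or_None)."""
    by_ip = {r["ip"]: r for r in registry}
    by_mac = {normalize_mac(r["mac"]): r for r in registry}
    findings = []
    for ip, mac in observed:
        mac = normalize_mac(mac)
        planned = by_ip.get(ip)
        if planned is None:
            # an address outside the plan is in use; by_mac tells us whose NIC it is, if registered
            findings.append(("unplanned_ip", ip, mac, by_mac.get(mac)))
        elif normalize_mac(planned["mac"]) != mac:
            # the planned IP answers from a NIC other than its registered owner: the conflict case
            findings.append(("ip_conflict", ip, mac, by_mac.get(mac)))
        # otherwise the entry matches the plan and there is nothing to report
    return findings

def describe(finding):
    """One-line report that points the administrator at the port and user to visit."""
    kind, ip, mac, record = finding
    who = (f"{record['user']} ({record['location']}, port {record['port']})"
           if record else "unregistered NIC")
    return f"{kind}: {ip} used by {mac} -> {who}"

# Constructed observation: the gateway is fine, but 10.119.40.40 answers from Lab PC-07's NIC
# and an unplanned address is in use by an unregistered NIC.
OBSERVED = [("10.119.40.1", "00-00-81-65-c3-a0"),
            ("10.119.40.40", "00-00-21-34-63-56"),
            ("10.119.40.77", "00-00-de-ad-be-ef")]

if __name__ == "__main__":
    for f in audit_arp_entries(OBSERVED, REGISTRY):
        print(describe(f))
```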
