Configuring IP Conflict Prevention
You can prevent users from using an IP Address that is already assigned to another device. IP conflicts can result in routing issues, or users can gaining privileges they were not intended to have. For instance, an Administrator could have a designated IP Address set up to allow internet access, while all others are blocked. If an employee is able to change their IP to that designated address, then that employee will gain internet access when they are not allowed to.
How IP Conflict Prevention Works
The Sensor watches and analyzes packets that are being sent from each device. When a new node is detected, the Sensor sends a gratuitous ARP request. If a machine receives an ARP request containing a source IP that is reserved for another MAC address, a conflict is identified, and the offending node will be enforced against.
To Enable IP Conflict Prevention
- Go to Management > Node in the top panel
- Click on the desired node IP
- Click Policy tab
- Find IP Policy section, select Allow IP – Enable Conflict Prevention
- Enter MAC Address(es) in the form below to allow them to use the IP.
- Click Update
To Disable IP Conflict Prevention
- Go to Management > Node in the top panel
- Click on the desired node IP
- Click Policy tab
- Find IP Policy section, select Allow IP – Disable Conflict Prevention
- Click Update