.. _senssing-macip-clone: Controlling Authorized MAC / IP Spoofing Endpoints ==================================================== An unauthorized endpoint may attempt network access by spoofing the MAC and IP of an authorized endpoint. If the same MAC and IP are used as an authorized endpoint, it is difficult to distinguish between authorized/unauthorized at the network level (IP, MAC address). Therefore, in addition to basic MAC/IP information, IP/MAC spoofing is controlled through detection of network packets with the same MAC/IP and MAC change detection from agents. Solution ---------- To control MAC/IP Clone endpoints, Genian NAC provides control methods through both Network Sensors and Agents. - Use the MAC/IP Clone detection function provided by the Network Sensor. - Use the MAC Clone detection function via the Agent. - Use the MAC/IP Clone Anomaly Definition policy. Step.1 Configure Network Sensor MAC/IP Clone Detection #. Go to the top System menu. #. In the left panel, go to Sensor Management. #. Check the checkbox to the left of the Network Sensor item. #. In **Select Tasks**, click Bulk Sensor Settings. #. Check the **MAC+IP Clone Detection** item in the Node Status Check section. #. Click the ``Save`` button at the bottom. Step.2 Confirm Network Sensor Node Status Check Settings #. Go to the top System menu. #. Click the **IP of the Device** for the Network Sensor configured in Step 1. #. Go to the Preferences tab. #. Confirm that the Node Status Check item in Other Settings is configured as follows: - Node Status Check: On - Node Status Check Method: Minimum Period Step.3 Configure MAC/IP Clone Anomaly Definition and Assign Node Policy #. Go to the top Policy menu. #. In the left panel, go to the Anomaly Definition menu. #. Select **MAC/IP Clone Anomaly Definition**. #. In the Options section below, change the **MAC Spoofing Detection** option to ``On`` and click the ``Update`` button at the bottom. #. Go to Node Policy in the left panel. #. Click the **Node Policy Name** of the target to which you want to apply MAC/IP Clone detection. #. Click the ``Assign`` button in the Anomaly Definition section at the very bottom. #. In the pop-up window, move the MAC/IP Clone item to the right and click the ``Update`` button. #. Click the ``Update`` button at the bottom to save the changes. #. Click the ``Apply Change Policy`` button in the top right to apply the policy. Step.4 Network Blocking of Risky Nodes Nodes detected as risky can be controlled via the network using the following method: :ref:`blocking-threats`