VigorSwitch - IP Conflict Prevention

Have you ever had a network outage, caused accidentally by someone plugging in a new access point, or printer?

Simply because that new device has the same IP address as the network server, or router.

DrayTek's IP Conflict Prevention system is a comprehensive and easy to use tool to help you protect against IP conflicts and other network issues.

It's available on most DrayTek VigorSwitch switch models from firmware 2.4.0 onwards.

ipconflict1

To protect your network and essentially make it foolproof, IP Conflict Prevention takes a snapshot of your network design, so that it's aware of where your servers, router and wireless access points are all connected up, as well as which ports are used to connect normal computers and laptops.

With that knowledge, the VigorSwitch makes smart decisions on the fly to handle network problems when they occur, so that those problems can't have a larger effect on the network, avoiding disruption to access of network resources, or the Internet.

Port conflict visble from VigorSwitch dashboard

This means that in the event of a network problem, like an IP conflict with an important server, or an extra DHCP server on the network, or more complicated issues like ARP poisoning and spoofing, the VigorSwitch can ignore the newly connected or disruptive device and continue to provide service, without intervention being required.

Here are some examples of common network problems that could cause downtime, or malfunctions in network services:

Network Problem What it breaks
IP Conflict Two devices using the same IP address can break network connectivity for both devices. Can break Internet access if the router or server IP address has a conflict.
DHCP Conflict More than one DHCP server on the network. Can give out incorrect IP addresses through DHCP, or force the main DHCP server offline.
ARP Poisoning & Spoofing Incorrect or malicious ARP (Address Resolution Protocol) responses on the network. Redirecting traffic to an incorrect location, or to nowhere.


How DrayTek's IP Conflict Prevention Helps

To help protect your network, DrayTek's IP Conflict Prevention system manages and provides an easy to use front-end for; IP Source Guard, DHCP Snooping and Dynamic ARP Inspection.

With IP Conflict Prevention, instead of setting up each of these features manually, requiring significant networking know-how to do so, DrayTek's IP Conflict Prevention system is easily put in place with the setup wizard:

Problem Solution How it helps
IP Conflict

DrayTek
IP Conflict Prevention

IP Source Guard Creates a fixed link between a server's IP address, its MAC (network hardware) address and the physical port. The Switch will only communicate to that IP using the set Port and MAC address.
DHCP Conflict

DrayTek
IP Conflict Prevention

DHCP Snooping Limits DHCP responses through the switch so that only the DHCP server port can send DHCP responses.
ARP Poisoning & Spoofing

DrayTek
IP Conflict Prevention

Dynamic ARP Inspection Checks DHCP packets and other information to discern legitimate ARP responses from incorrect ones. Incorrect ARP responses are dropped by the switch so that they can’t affect network function.

Using IP Conflict Prevention

When IP Conflict Prevention has been set up and enabled, it will be protecting your network against ARP spoofing, IP and DHCP conflicts with no further configuration needed.

If a conflict or problem does occur, the VigorSwitch will display this in its web interface from the Dashboard and the IP Conflict Prevention page, showing which ports and addresses have a conflict.

If an issue occurs, the switch can send out an email notification to an administrator so that the fault can be looked into, but once IP Conflict Prevention is configured, these network problems can't affect actual operation of the network.

Locate IP Conflicts Quickly

The IP Conflict Prevention system gives a visual overview of where port conflicts are occurring on the network, allowing you to quickly locate and resolve issues. In addition, any important addresses set up as Protected Hosts with the switch will be protected.

If an IP conflict occurs between an unknown device and a Protected Host, such as a router or network server. The VigorSwitch will ignore the unknown device in favour of the Protected Hosts port and MAC address, ensuring network services are unaffected by the problem. To learn more about Protected Hosts, see the setup section below.

DHCP Server Protection

IP Conflict Prevention gives you full control over how DHCP passes through your network. Once configured, only the selected DHCP server port can issue IP addresses. Any additional DHCP servers on the network won't receive the DHCP requests and any spurious DHCP responses will be dropped by the VigorSwitch.

Remote Management of IP Conflicts with VigorACS

Maintain networks far away and spanning multiple sites with VigorACS. The IP Conflict Prevention system is fully integrated with VigorACS, allowing it to be checked and configured remotely through the central management portal.

Email Notifications

Using the VigorSwitch's Mail Alert system, the switch can send out an email to one or more network administrators so that the problem can be investigated further. Extensive support for mail protocols with SSL/TLS and StartTLS encryption support allow the switch to work with most mail systems.

IP Conflict Prevention Setup

To use IP Conflict Prevention effectively, initial setup is performed using the Setup Wizard in the IP Conflict Prevention menu. This is so that the VigorSwitch knows which ports do what and can provide effective protection against network issues, ensuring that servers and other systems stay online when conflicts occur.

Port conflict visble from VigorSwitch dashboard


Simply specify which ports are hooked up to your servers, routers, printers and other fixed network devices, change the port's type by clicking on a port in the virtual port view. The colour indicates the port type and its intended network function.

This will cycle through the various port types, described in more detail in this table:

Select which ports can change frequently, for instance ports used for a hot-desk, IP Phone, wireless access point or a PC.It's often best to set these as 'DHCP Client' ports for single devices, or 'Multiple Hosts' if there's a switch, or you're not sure.

The VigorSwitch will then probe the network to determine the IP and MAC addresses available on each of the switch ports. Once that's completed, the switch will list Protected Hosts to set up.

Port Types Description
DHCP Client

DHCP Client
Use this for regular PCs, laptops, IP phones and hot desks.

Multiple Hosts - Switches & Access Points

Multiple Hosts (Switches & APs)
More than one device is connected to this port. Use this to connect other Switches, wireless access points, and IP phones providing network connection to a PC.

Static Devices - Printers & Servers

Static Bind (Servers)
Use this for single devices connected to a Switch Port that have a fixed IP. Ideal for Servers and Printers.

Network DHCP Server

DHCP Server
Use this for a network's DHCP server connected directly on this port.

DHCP Server or router & multiple hosts

Router or DHCP Server + Multiple Hosts
Use this for a router providing DHCP, or a DHCP server connecting through another switch on this port.

IP Conflict Prevention Setup - Protected Hosts

Protected Hosts are switch port + IP address + MAC address combinations that are protected by the switch, so that if any new network devices try to use the address of a Protected Host, the VigorSwitch will know which of the two to continue talking to.

The setup wizard will suggest Hosts to protect on the network that it's detected on each port. You can add additional ones if required later on.


Once these are specified, the wizard can then turn on IP Conflict Prevention. This manages the IP Source Guard, DHCP Snooping and Dynamic ARP Inspection in the background without additional setup required.

Protected Hosts


VigorSwitch Models

To find out which DrayTek switches support IP Conflict Prevention and find the best switch for your network, see the comparison chart: VigorSwitch Comparison Chart