XII. Firewall/Security Features

VigorSwitch - IP Conflict Prevention

Products:
VigorSwitch G1085
VigorSwitch G1280
VigorSwitch G2100
VigorSwitch G2280
Show all

Keywords:
IP
IP Conflict Prevention
IP conflict
conflict
Show all

DrayTek VigorSwitches running 2.4.0 or later firmware offer advanced IP Conflict Prevention (ICP) feature that can help with the network stability. Time consuming detection of the source of IP conflicts may cause many issues related to distracted connectivity especially on large networks. The new feature helps the administrator to find out the conflicting port and IP and take immediate action.

This article introduces ICP and demonstrates how to use it on VigorSwitches.

kb ip conflict prevention 01 Cover Image of ICP 

Applicable Products

DrayTek VigorSwitch
DrayTek VigorSwitch G1280
DrayTek VigorSwitch G2280
DrayTek VigorSwitch G2280x
DrayTek VigorSwitch G2500
DrayTek VigorSwitch P1280
DrayTek VigorSwitch P2121
DrayTek VigorSwitch P2280
DrayTek VigorSwitch P2280x
DrayTek VigorSwitch P2500

ICP on Multiple Switches

ICP takes the advantages when there are multiple switches on the network, even if not all of them support ICP. The edge switch can be other brands that you already have, and ICP would still work partially.

For example:
PC4 conflicts with PC1: PC4 cannot go through the core switch, but PC4 still can access other hosts within the edge switch.
PC2 conflicts with PC1: PC2 will be locked. It's because PC1 is configured to have the higher priority of using the IP.

kb ip conflict prevention 02 ICP on Multiple switches

Conflict Warning

When IP conflict happens, ICP shows the conflict status on the GUI as depicted below. The network administrator can immedately locate the conflicting port and IP address used by the end device.

 kb ip conflict prevention 03 Lock Down ports

How to Set up ICP?

Quick Start Wizard is an easy and convinient way to configure ICP feature.

kb ip conflict prevention 04 Quick Start Guide

1. In the Quick Start Wizard, first select a port where your DHCP server is connected to.

kb ip conflict prevention 05 Port for DHCP server

2. VigorSwitch will conduct a preliminary detection of the environment and show the port type. If the port is incorrect, click on it to update. The table below lists all port types available for configuration:

DHCP server Tells the Switch which port the DHCP Offer will come from so that it can block illegal DHCP Offers
DHCP Client The Switch automatically learns the DHCP offer/ack of each port, and dynamically adds/removes the IP into the table
Static Binding Use this if a device is configured with a static IP. The switch memorizes the “static IP/port" combination and protects LAN clients on the list
Multiple Hosts For connecting to an AP or a switch. All IPs linked with the port will be protected. If there's a conflict on this port, conflict status will be shown
LAG Accepts multiple ports using the same IP address without looping and conflicting
Multiple Hosts with DHCP Server Accepts several IP addresses linked with a single port; these IP addresses include DHCP Clients and Static IP Clients. A host registered as a DHCP Server is allowed and gains protection

kb ip conflict prevention 06 Port Type

3. The switch will detect your network and shows the Protected Hosts Table. Double check this list and update if needed.

kb ip conflict prevention 07 Confirm Hosts

4. In this step select Enable to start the ICP

kb ip conflict prevention 08 Enable ICP

NOTE:
1. If there are many switches on the network, it is recommended to set the port type first (1-3 step on Wizard), then enable ICP on each layer.

2. VigorSwitch can send the email message to notify the network administrator about the port conflicts. Just go to [Mail Alert] section to enable the notification feature

kb-ip-conflict-prevention-09-ICP-Mail_Alert.png

3. When IP Conflict Prevention is processing, IP conflict detection cannot be enabled.