Avoid deliberate IP conflicts



  • Hi all, I'd like to understand how to avoid deliberate IP conflicts.

    An example: pfsense is wan gw to 192.168.1.0/24 and with lan0 192.168.2.0/24 and IP 192.168.2.1 and dhcp server active.

    Now, I put my laptop on that network and manually I set it with 192.168.2.1 and I block the network or create problems.

    How can I resolve this situation? How can I avoid this problem?

    I know that Cisco has a modality to filter these circumstances.

    Thanks for the help.



  • Stop giving your laptop the same IP address as your gateway. Problem solved.

    Is there some reason you don't let the DHCP server assign it an IP?



  • Useless reply :)

    An example: pfsense is wan gw to 192.168.1.0/24 and with lan0 192.168.2.0/24 and IP 192.168.2.1 and dhcp server active.

    Now, a foolish child, a customer of the hotel, puts a laptop on that network, manually sets it to 192.168.2.1, and blocks the network or creates problems.



  • Jailer's answer was quite relevant based on the information you first gave.

    Use a managed switch

    There are all kinds of pertinent information you are not sharing here which could influence anyone's answer.


  • LAYER 8 Global Moderator

    So you want to stop someone from causing problems by purposely setting a dupe IP for your gateway? Yeah, use a NAC/NAP to prevent such people from getting on your network.

    I don't even have to set a dupe to cause problems, just need to flood the network with gratuitous ARPs pointing to the wrong MAC for the IP, or answering ARPs very quickly with the wrong info, etc.

    There is nothing you can do on pfSense to stop this, if that is your question, since pfSense has nothing to do with traffic that happens on the network of a specific segment it might have an interface in. It is just the gateway off that segment, and yeah, it can firewall traffic it sees on that interface for somewhere else.

    On a host level you could set up static ARPs for your gateway or any other IPs on your network, so if someone was giving out bad info you wouldn't pay attention to it, etc.
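
Added example, not part of the thread and not pfSense code: a monitoring host on the LAN segment can at least detect the two conditions discussed above (a foreign MAC claiming the gateway IP 192.168.2.1, and a burst of gratuitous ARPs for it) by parsing captured ARP frames. The gateway MAC, the flood threshold, the function names and the sample frames are assumptions constructed for illustration.

```python
import struct
from collections import Counter

GATEWAY_IP = "192.168.2.1"          # pfSense LAN address from the thread
GATEWAY_MAC = "00:00:5e:00:53:01"   # assumed placeholder for the real gateway MAC

def build_arp(op, sha, spa, tpa, tha="00:00:00:00:00:00"):
    """Construct a sample Ethernet+ARP frame as bytes (test data only, never sent)."""
    mac = lambda m: bytes.fromhex(m.replace(":", ""))
    ip = lambda a: bytes(int(x) for x in a.split("."))
    eth = b"\xff" * 6 + mac(sha) + b"\x08\x06"
    return eth + struct.pack("!HHBBH", 1, 0x0800, 6, 4, op) + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

def parse_arp(frame):
    """Return (op, sender_mac, sender_ip, target_ip), or None if not IPv4/Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha = ":".join(f"{b:02x}" for b in frame[22:28])
    spa = ".".join(str(b) for b in frame[28:32])
    tpa = ".".join(str(b) for b in frame[38:42])
    return op, sha, spa, tpa

def audit(frames, flood_threshold=3):
    """Flag frames whose sender claims the gateway IP from a non-gateway MAC."""
    alerts, gratuitous = [], Counter()
    for f in frames:
        parsed = parse_arp(f)
        if parsed is None:
            continue
        op, sha, spa, tpa = parsed
        if spa == GATEWAY_IP and sha != GATEWAY_MAC:
            alerts.append(("gateway-ip-claimed", sha))
            if spa == tpa:  # sender IP == target IP marks a gratuitous ARP
                gratuitous[sha] += 1
    alerts += [("gratuitous-flood", m) for m, n in gratuitous.items() if n >= flood_threshold]
    return alerts

# Constructed sample capture: one legitimate reply, one client request, three bogus claims
SAMPLE = (
    [build_arp(2, GATEWAY_MAC, GATEWAY_IP, "192.168.2.50")]
    + [build_arp(1, "00:00:5e:00:53:50", "192.168.2.50", GATEWAY_IP)]
    + [build_arp(2, "00:00:5e:00:53:99", GATEWAY_IP, GATEWAY_IP)] * 3
)

if __name__ == "__main__":
    print(audit(SAMPLE))
```

This only detects the conflict; as the post above says, preventing it is the job of the switch or NAC, not the gateway.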

