If the network user does not set the IP address according to the regulations, the IP address conflict phenomenon is inevitable. Once this phenomenon occurs frequently, it will not only affect the efficiency of the Internet access, but also is not conducive to the stable operation of the LAN network.
In order to improve the stability of the LAN operation, we can't wait for the IP address conflict to occur, but we should find a way to deal with it. Instead, we should take the initiative to let the Internet users not be able to grab other IP addresses in the LAN to control IP address conflicts.
For example, there are about 150 network nodes in the LAN. These network nodes are evenly distributed on six floors. The network nodes in each floor are connected to the common Layer 2 switches through 100M twisted pair cables, and each common Layer 2 switch passes through. The 1000M fiber-optic cable is connected to the QuidWay S9300 series routing switch. To ensure network access security, all network nodes are interconnected with the Internet through the Venus hardware firewall.
Currently, the unit LAN uses the IP address of the 10.168.163.0 network segment. The default gateway address used in this network segment is 10.168.163.1, and the subnet mask address is 255.255.255.0. Because the network segment can have more than 250 IP address, in practice usually only use more than 150 addresses, obviously enough address space margin can fully meet the increasing number of workstations.
However, since the unit LAN uses a static address allocation method, whenever the workstation system suddenly crashes or encounters a virus attack and cannot be started normally, the Internet users are free to reinstall the system and modify the Internet address. As a result, IP address conflicts frequently occur in the LAN. This not only seriously affects the normal online access of others, but also increases the maintenance workload of the network administrator.
In order to effectively prevent the Internet users from arbitrarily changing the IP address, the author intends to use the address binding method to bind the IP address of the workstation to the physical address of the corresponding NIC device; however, this method has not been formally implemented, and it has been the same. The opposition of the network administrator colleagues, he believes that this method is not a cure, because Internet users can still modify the physical address of the network card to steal other people's IP address, obviously this is not the most effective solution.
In order to completely solve the IP address conflict problem, we need not only bind the IP address that has been assigned in the LAN to the corresponding NIC device, but also bind the IP addresses that are in the idle state, so that the Internet users can You cannot use the IP address of an already connected workstation, and you cannot use the free IP address in the LAN. Therefore, as long as the Internet user in the LAN changes the IP address arbitrarily, he cannot access the LAN network normally.
However, after this configuration, it also brings another trouble, that is, if there are new users in the LAN that need to access the Internet, they cannot choose the IP address by their own director, but must separately apply to the network administrator for online access. After receiving the application, the administrator needs to log in to enter the switch background management system to assign a number to the idle address, and the Internet user can connect to the LAN normally.
Practice has proved that this method can not only effectively avoid the IP address conflict failure, but also effectively prevent the network virus from illegally spreading through the LAN, thus effectively ensuring the stable operation of the LAN!
Through the above configuration, all IP addresses in the LAN are successfully controlled. Any user who changes the IP address privately will not be able to access the network. Although the entire control process is a bit complicated, it can well control the access security of the network. Avoid workstations that don't know the truth. Bring network viruses or Trojans into the LAN working environment.
Mini Digger,Excavator 800 Kg,0.8 Ton Mini Excavator,800Kg Mini Excavator
Shandong Hexu Machinery Equipment Co.,Ltd , https://www.sdhxmachinery.com