Introduction to IP Theft
The IP Theft feature prevents the usage of an IP address that is already assigned to another device. If the controller finds that two wireless clients are using the same IP address, it declares the client with lesser precedence binding as the IP thief and allows the other client to continue. If blocked list is enabled, the client is put on the exclusion list and thrown out.
The IP Theft feature is enabled by default on the controller. The preference level of the clients (new and existing clients in the database) are also used to report IP theft. The preference level is a learning type or source of learning, such as Dynamic Host Configuration Protocol (DHCP), Address Resolution Protocol (ARP), data glean (looking at the IP data packet that shows what IP address the client is using), and so on. The wired clients always get a higher preference level. If a wireless client tries to steal the wired IP, that client is declared as a thief.
Note |
Some devices might use different MAC addresses but the same IPv6 link-local addresses, for different WLANs. If the devices switch WLANs when they are not in range of the APs, an IP theft event is triggered. To avoid this, we recommend that you lower the idle timeout for the devices. When the devices are out of the APs' range, the idle timeout takes effect and the old entries in the initial WLAN are deleted. |
The order of preference for IPv4 clients are:
-
DHCPv4
-
ARP
-
Data packets
The order of preference for IPv6 clients are:
-
DHCPv6
-
NDP
-
Data packets
Note |
The static wired clients have a higher preference over DHCP. |