Authentication in LAN? (Prevent impersonating IP in LAN)

[codell]

I have a gateway with a few clients.

It's compulsory that the clients can not spoof their LAN IP's.

What's the most simple authentication mechanism for LAN's? Encryption is not necessary (but ok) and MITM in LAN is also not possible.

I simply want to ensure that once a client has been compromised he can not pretend to have another IP.

[spynappels]

You could start by doing some reading of ARP spoofing and seeing how this can be avoided, I'm not sure how you would prevent this in practise though...

[movieman]

IPSEC. It's very hard to spoof but it's far from simple to set up.

Note that they could still fake an IP address -- anyone can do that -- but they won't be able to talk to any other machines since they won't have the correct key to authenticate with.

[codell]

Static ARP entries will work.

[samiux]

I have a gateway with a few clients.

It's compulsory that the clients can not spoof their LAN IP's.

What's the most simple authentication mechanism for LAN's? Encryption is not necessary (but ok) and MITM in LAN is also not possible.

I simply want to ensure that once a client has been compromised he can not pretend to have another IP.

I agreed with codell. If you router can configure to static ARP, it is the better solution to the ARP Spoofing.

One of the threat in the LAN is the ARP Spoofing. You can prevent it by following this tutorial.

Samiux