Port Security and Duplicate IP's

Unanswered Question
Feb 11th, 2008
User Badges:
  • Bronze, 100 points or more

I'm trying to track down the logic for this, any help would be appreciated.

For reference, Computer A is attached to Switch A, Computer B is attached to Switch B. Both computers have the same IP address assigned, one obtained through DHCP, the other erroneously statically set.

Port-securtiy is triggered on switch A because the maximum mac-count on the port had been reached. The mac-address that triggered this even belongs to Computer B attached to Switch B.

How did a computer attached to Switch B trigger a port-security event on Switch A based on a duplicate IP address?

Closests answer I have so far is based on gratuitous ARP that windows uses to detect duplicate IP addresses, but that doesn't not explain to me how a frame with the source mac-address of Computer B originated from Computer A's port.

Thanks in advance,


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
xcz504d1114 Mon, 02/11/2008 - 12:30
User Badges:
  • Bronze, 100 points or more

Answered my own question, gratuitous ARP's are sent out by windows to detect if there is already a machine with that IP already on the network, it then sends out another gratuitous ARP with a spoofed mac-address of the original machines MAC to correct the ARP tables of any other devices that might have recieved the original g-ARP.


This Discussion