Received ARP response collision from

Feb 21st, 2010

I'm trying to work out this issue...


source, SwitchA      = 192.168.0.4
FW1                  = 192.168.0.1
FW1_Transit          = 192.168.4.1
FW2_Transit          = 192.168.4.7
FW1_VLAN             = 192.168.12.0/25
destination, SwitchB = 192.168.12.10


I set up a capture to watch the traffic and see it all the way onto the destination VLAN (192.168.12.0/25).


However, I don't see the traffic coming back on this VLAN interface.


I set up a policy NAT as follows:


access-list PNAT-3612 extended permit ip any 192.168.12.0 255.255.255.128
global (TD_3Tier_HQ_App_NLB) 1 interface
nat (TD_3Tier_Web_2_App) 1 access-list PNAT-3612 outside


which appears to cause the traffic to come back on that interface, BUT I don't see it hit the ACL, and the log output shows the following error:


Received ARP response collision from 192.168.12.10/8843.e17f.9041 on interface TD_3Tier_HQ_App_NLB (this being the name of the vlan interface)


Is this implying a duplicate IP somewhere?


thanks in advance.


Bruce

Bruce Summers Sun, 02/21/2010 - 11:59

ooops....Sorry folks...


As I typed all that out, it got me to thinking...possibly I do have a duplicate...checked another switch, and there it was...duplicate IP...



bruce
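
Added example, not part of the original posts: a Python sketch that pulls the contested IP, the MAC claiming it and the interface out of log lines like the one quoted above, so the MAC can be traced to a switch port. The sample lines are constructed (only the first message body comes from the thread), and the function names, the `inside_lab` interface and the acceptance of a "request" variant are assumptions.

```python
import re
from collections import Counter, defaultdict

# Matches the message text quoted in the thread. Accepting "request" as well
# as "response" is an assumption; the thread only shows the response form.
COLLISION_RE = re.compile(
    r"Received ARP (?:request|response) collision from "
    r"(?P<ip>\d{1,3}(?:\.\d{1,3}){3})/"
    r"(?P<mac>[0-9A-Fa-f]{4}(?:\.[0-9A-Fa-f]{4}){2}) "
    r"on interface (?P<ifname>\S+)"
)

# Constructed sample log. Only the first message body is taken from the thread;
# timestamps, the second address/MAC and the interface "inside_lab" are made up.
SAMPLE_LOG = [
    "Feb 21 2010 11:40:02: Received ARP response collision from "
    "192.168.12.10/8843.e17f.9041 on interface TD_3Tier_HQ_App_NLB",
    "Feb 21 2010 11:40:05: some unrelated message",
    "Feb 21 2010 11:40:09: Received ARP response collision from "
    "192.168.12.10/8843.E17F.9041 on interface TD_3Tier_HQ_App_NLB",
    "Feb 21 2010 11:41:30: Received ARP response collision from "
    "192.0.2.25/0000.5e00.5301 on interface inside_lab",
]


def find_arp_collisions(lines):
    """Return {(interface, ip): Counter({mac: hits})} for collision messages."""
    hits = defaultdict(Counter)
    for line in lines:
        m = COLLISION_RE.search(line)
        if m:
            # Normalise MAC case so one adapter is not counted twice.
            hits[(m["ifname"], m["ip"])][m["mac"].lower()] += 1
    return dict(hits)


def report(collisions):
    """One line per contested IP: where to look and which MAC to trace."""
    out = []
    for (ifname, ip), macs in sorted(collisions.items()):
        seen = ", ".join(f"{mac} x{n}" for mac, n in macs.most_common())
        out.append(f"{ip} on {ifname}: claimed by {seen}")
    return out


if __name__ == "__main__":
    print("\n".join(report(find_arp_collisions(SAMPLE_LOG))))
```

Each reported MAC can then be looked up in the MAC address tables of the switches on that VLAN to find the port of the device holding the duplicate address.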

Bruce Summers Sun, 02/21/2010 - 12:01

well,


that got rid of the duplicate IP and error, but I'm still not seeing the traffic hitting that return interface...


thought the P NAT would take care of that...


bruce

Kureli Sankar Sun, 02/21/2010 - 13:43
User Badges: Cisco Employee

Bruce,

If the response traffic isn't coming back you need to check the following.

1. Capture on the destination host and make sure it is responding and make sure it is sending the response to the correct MAC address.

2. Make sure the destination host has a route to get back to the source host network. If you need to check its default gateway, you need to make sure that GW has a route back to the source network.


-KS

Bruce Summers Sun, 02/21/2010 - 15:46

KS,


1. It's not actually a host. It is an SVI on an access switch. My capture, however, doesn't show return traffic.

2. Another problem has cropped up... I can no longer see the traffic making it through the firewall... I'll have to figure that out before I can move forward...



Bruce Summers

DHS OCIO

Network Engineering

[email protected]

bb: 202-503-7628

desk: 228-813-4838
