Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
5647
Views
0
Helpful
4
Replies

Received ARP response collision from

Bruce Summers
Level 1
Level 1

‎02-21-2010 11:57 AM - edited ‎03-11-2019 10:12 AM

I'm trying to work out this issue...

source, switchA =        192.168.0.4

FW1     =                    192.168.0.1

FW1_Transit =             192.168.4.1

FW2_Transit =             192.168.4.7

FW1_VLAN =              192.168.12.0 /25

destination, SwitchB = 192.168.12.10

I setup a capture to watch the traffic and see it all the way onto the destination VLAN (192.168.12.0/25).

However, I dont see the traffic coming back  on this VLAN Interface.

I setup a policy NAT as follows:

access-list PNAT-3612 extended permit ip any 192.168.12.0 255.255.255.128
global (TD_3Tier_HQ_App_NLB) 1 interface
nat (TD_3Tier_Web_2_App) 1 access-list PNAT-3612 outside

which appears to cause the traffic to come back on that interface, BUT, I dont see it hit the ACL, and the log output shows the following error:

Received ARP response collision from 192.168.12.10/8843.e17f.9041 on interface TD_3Tier_HQ_App_NLB (this being the name of the vlan interface)

Is this implying a duplicate IP somewhere?

thanks in advance.

Bruce

Labels:
0 Helpful
4 Replies 4

Bruce Summers
Level 1
Level 1

‎02-21-2010 11:59 AM

ooops....Sorry folks...

As I typed all that out, it got me to thinking...possibly I do have a duplicate...checked another switch, and there it was...duplicate IP...

bruce

0 Helpful

Bruce Summers
Level 1
Level 1
In response to Bruce Summers

‎02-21-2010 12:01 PM

well,

that got rid of the duplicate ip and error, but i'm still not seeing the traffic hitting that return interface...

thought the P NAT would take care of that...

bruce

0 Helpful

Kureli Sankar
Cisco Employee
Cisco Employee
In response to Bruce Summers

‎02-21-2010 01:43 PM

Bruce,

If the response traffic isn't coming back you need to check the following.

1. capture on the desination host and make sure it is responding and make sure it is sending the response to the correct mac address.

2. Make sure the destination host has a route to get back to the source host network. If you need to check it's default gateway you need to do make sure that GW has a route back to the source network.

-KS

0 Helpful

Bruce Summers
Level 1
Level 1
In response to Kureli Sankar

‎02-21-2010 03:46 PM

KS,

1. It's not actually a host. It is an SVI on an access switch. My capture however, doesn't show return traffic

2. another problem has cropped up...i can no longer see the traffic making it through the firewall...I'll have to figure that out before I can move forward ...

Bruce Summers

DHS OCIO

Network Engineering

bruce.summers@associates.dhs.gov

bb: 202-503-7628

desk: 228-813-4838

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card