08-15-2006 04:50 PM - edited 03-03-2019 04:31 AM
Hi, I would appreciate some advice on the following:
The following syslog message is received.
%IP-4-DUPADDR: Duplicate address 10.10.10.254 on Vlan10, sourced by 0800.09b2.1a4e
As the duplicate address of 10.10.10.254 is the gateway address, it causes the network of the VLAN to go down. Hence, knowing that the duplicate address has the MAC address 0800.09b2.1a4e, is there a way to
1) block the MAC address or
2) determine where the duplicate IP address 10.10.10.254 is and shut down the port?
Thanks
Christina
08-15-2006 05:02 PM
Christina,
You need to shut down the port to which this user is connected to address this problem. You can trace to the port to which this host is connected. You can issue the command 'show mac-address-table address 0800.09b2.1a4e', and if the port happens to connect to another switch, then telnet to that switch and continue the same process to the end. The command on CatOS switches is different: you can issue the command 'show cam dynamic 08-00-09-b2-1a-4e' to see the associated port.
Good Luck!
Regards,
Sundar
08-15-2006 05:24 PM
Hi Sundar,
Thanks for sharing.
Yes, I need to go switch by switch to find out.
1) Is there a tool/application to determine which port has this MAC address immediately?
or
2) How can I block the MAC address?
Thanks,
Christina
08-15-2006 05:03 PM
To determine the port that is the source of the MAC address, you can query the switch with "show mac address-table H.H.H", where H.H.H is the 48-bit MAC address, if the switch is running IOS, or "show cam HH-HH-HH-HH-HH-HH" if the switch is running CatOS.
If your switch network is comprised of distribution and access switches, you will need to run this command on each switch and trace it to the source. For example, if you find the MAC address on the distribution switch belonging to a link to another switch, you then need to go to that switch and find the port there, and so on until you locate the switch and port with the host.
Hope this helps
08-15-2006 05:29 PM
Hi,
Thanks for the advice.
The syslog message %IP-4-DUPADDR: Duplicate address 10.10.10.254 on Vlan10, sourced by 0800.09b2.1a4e is found on the distribution switch. However, there are a lot of edge switches.
As discussed earlier, is there
1) a tool/application which can detect the MAC address immediately so that the port can be determined and shut down immediately
or
2) a way to block the MAC address at the core/distribution switch?
Thanks.
Christina
08-15-2006 05:39 PM
Christina
I do not know of a tool or an application that will detect the MAC address immediately.
I am not aware of a good way to block that MAC address.
What most of us do is the labor-intensive routine of show mac-address-table (or show cam dynamic on CatOS switches). If it points to an access port, you know what to shut down. If it points to a trunk port, then you go to the switch to which it connects and do the show commands on that switch.
HTH
Rick
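Added example, not part of any reply in this thread: the switch-by-switch trace described above, scripted in Python over already-collected IOS "show mac address-table" output. The switch names, ports, second MAC address, and the LINKS map of inter-switch ports (which would come from CDP or documentation) are constructed assumptions; collecting the output from each switch is left out.

```python
import re

DUPADDR = re.compile(r"%IP-4-DUPADDR: Duplicate address (\S+) on Vlan(\d+), "
                     r"sourced by ([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)
# One row of IOS "show mac address-table" output: vlan, MAC, type, port.
MAC_ROW = re.compile(r"^\s*(\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
                     r"\s+\S+\s+(\S+)\s*$", re.I | re.M)

def parse_dupaddr(line):
    """Return (ip, vlan, mac) from a %IP-4-DUPADDR message, or None."""
    m = DUPADDR.search(line)
    return (m.group(1), int(m.group(2)), m.group(3).lower()) if m else None

def lookup_port(table_text, mac, vlan):
    for v, m, port in MAC_ROW.findall(table_text):
        if int(v) == vlan and m.lower() == mac:
            return port
    return None

def trace_mac(start, mac, vlan, tables, links):
    """Follow the MAC from `start` until it lands on a non-uplink port.
    Returns (path, found); found is False if the trail goes cold or loops."""
    path, switch, seen = [], start, set()
    while switch not in seen:
        seen.add(switch)
        port = lookup_port(tables.get(switch, ""), mac, vlan)
        if port is None:          # entry aged out, or no output collected
            return path, False
        path.append((switch, port))
        if (switch, port) not in links:   # not an inter-switch link: host port
            return path, True
        switch = links[(switch, port)]
    return path, False

# Constructed sample data (switch names, ports and second MAC are made up).
SYSLOG = ("%IP-4-DUPADDR: Duplicate address 10.10.10.254 on Vlan10, "
          "sourced by 0800.09b2.1a4e")
HEADER = "Vlan    Mac Address       Type        Ports\n----    -----------       --------    -----\n"
TABLES = {
    "dist1": HEADER + "  10    0011.2233.4455    DYNAMIC     Gi1/0/1\n"
                      "  10    0800.09b2.1a4e    DYNAMIC     Gi1/0/2\n",
    "acc2":  HEADER + "  20    0800.09b2.1a4e    DYNAMIC     Fa0/3\n"
                      "  10    0800.09b2.1a4e    DYNAMIC     Fa0/7\n",
}
LINKS = {("dist1", "Gi1/0/1"): "acc1", ("dist1", "Gi1/0/2"): "acc2"}
if __name__ == "__main__":
    ip, vlan, mac = parse_dupaddr(SYSLOG)
    path, found = trace_mac("dist1", mac, vlan, TABLES, LINKS)
    print(ip, mac, path, "access port found" if found else "trail lost")
```

A result with found set to False means the MAC entry was missing on the next switch, typically because it aged out before the output was collected.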
08-15-2006 06:28 PM
Use the ARP Inspection feature:
arp access-list arp-inspection
permit ip host 10.10.10.254 mac host [gateway MAC] log
deny ip host 10.10.10.254 mac any log
permit ip any mac any
ip arp inspection vlan 10
ip arp inspection filter arp-inspection vlan 10 static
08-15-2006 07:15 PM
Hi all,
Thank you all for your advice.
Christina