cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1682
Views
10
Helpful
7
Replies

%IP-4-DUPADDR

neo_christina
Level 1
Level 1

Hi, I would appreciate some advise on the following:

The following syslog message is received.

%IP-4-DUPADDR: Duplicate address 10.10.10.254 on Vlan10, sourced by 0800.09b2.1a4e

As the duplicate address of 10.10.10.254 is the gateway address, it causes the network of the vlan to go down. Hence, knowing the duplicate address having the mac address of 0800.09b2.1a4e, is there a way to

1) block the mac address or

2) determine where is the duplicate ip address of 10.10.10.254 and shutdown the port?

Thanks

Christina

7 Replies 7

Christina,

You need to shut down the port to which this user is connected to address this problem. You can trace to the port to which this host is connected. You can issue the command 'show mac-address-table address 0800.09b2.1a4e' and if the port happens to connect to another switch then telnet to that switch and continue the same process to the end. The command on CATos switches is different and you can issue the command show cam dynamic 08-00-09-b2-1a4e to see the associated port.

Good Luck!

Regards,

Sundar

Hi Sundar,

Thanks for the sharing.

Yes, need to go switch by switch to find out.

1) is there a tool/application to determine which port has this mac address immediately?

or

2) how to block the mac address?

Thanks,

Christina

chrihussey
VIP Alumni
VIP Alumni

To determine the port that is the source of the mac address you can query the switch with the "show mac address-table H.H.H" where H.H.H is the 48-bit MAC address if switch is running IOS, or "show cam HH-HH-HH-HH-HH-HH" if the switch is running CAT-OS.

If your switch network is comprised of distribution and access switches you will need to run this command on each switch and trace it to the source. For example, if you find the mac address on the distribution switch belonging to link to another switch, you then need to go to that switch and find the port there, and so on until you locate the switch and port with the host.

Hope this helps

Hi,

thanks for the advise.

the syslog message of %IP-4-DUPADDR: Duplicate address 10.10.10.254 on Vlan10, sourced by 0800.09b2.1a4e is found on the distribution switch. However, there are alot of edge switches.

As discussed earlier, is there

1) a tool/application which can detect the mac-address immediately so that the port can be determined and shutdown immediately

or

2) how to block the mac address at the core/distribution switch?

Thanks.

Christina

Christina

I do not know of a tool or an application that will detect the MAC address immediately.

I am not aware of a good way to block that MAC address.

What most of us do is the labor intensive routine of show mac-address-table (or show cam dynamic on CATOS switches). If it points to an access port you know what to shut down. If it points to a trunk port then you go to the switch to which it connects and do the show commands on that switch.

HTH

Rick

HTH

Rick

lisong.wang
Level 1
Level 1

Use ARP Inspection feature:

arp access-list arp-inspection

permit ip host 10.10.10.254 mac host [gateway MAC] log

deny ip host 10.10.10.254 mac any log

permit ip any mac any

ip arp inspection vlan 10

ip arp inspection filter arp-inspection vlan 10 static

Hi all,

thank you all for your advise.

Christina

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: