Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Users might experience few discrepancies in Search results. We are working on this on our side. We apologize for the inconvenience it may have caused.
New Member

Cisco 3850 logging……

why?

Feb 25 09:18:51: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 3859.f9e6.55da (AuditSessionID: 0a41c864530bef55000001a5) was added to exclusion list. Reason: IP address theft 

Feb 25 09:18:51: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:18:56: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:01: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:03: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 3c77.e692.60af (AuditSessionID: 0a41c864530bee700000018d) was added to exclusion list. Reason: IP address theft 

Feb 25 09:19:06: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:11: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:16: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:17: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 0024.d6a8.ff6a (AuditSessionID: 0a41c864530bef240000019f) was added to exclusion list. Reason: IP address theft 

Feb 25 09:19:21: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:27: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:32: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:37: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:42: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:47: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:52: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:57: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:02: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:06: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 74e5.432d.b5a9 (AuditSessionID: 0a41c864530befc4000001ac) was added to exclusion list. Reason: IP address theft 

Feb 25 09:20:07: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:12: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:17: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:22: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:27: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:28: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 3859.f9e6.55da (AuditSessionID: 0a41c864530befd5000001af) was added to exclusion list. Reason: IP address theft 

Feb 25 09:20:32: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:37: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:42: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:47: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:18:51: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 3859.f9e6.55da (AuditSessionID: 0a41c864530bef55000001a5) was added to exclusion list. Reason: IP address theft 

Feb 25 09:18:51: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:18:56: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:01: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:03: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 3c77.e692.60af (AuditSessionID: 0a41c864530bee700000018d) was added to exclusion list. Reason: IP address theft 

Feb 25 09:19:06: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:11: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:16: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:17: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 0024.d6a8.ff6a (AuditSessionID: 0a41c864530bef240000019f) was added to exclusion list. Reason: IP address theft 

Feb 25 09:19:21: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:27: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:32: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:37: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:42: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:47: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:52: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:19:57: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:02: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:06: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 74e5.432d.b5a9 (AuditSessionID: 0a41c864530befc4000001ac) was added to exclusion list. Reason: IP address theft 

Feb 25 09:20:07: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:12: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:17: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:22: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:27: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:28: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 3859.f9e6.55da (AuditSessionID: 0a41c864530befd5000001af) was added to exclusion list. Reason: IP address theft 

Feb 25 09:20:32: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:37: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:42: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

Feb 25 09:20:47: %WCDB-3-WCDB_IP_CONFLICT: IP theft found!! The wired client-0024.d705.0621 source-IP SNOOPING tries to steal the IP 10.65.8.165 of the wireless host-0026.b968.b39b source-ARP

1 ACCEPTED SOLUTION

Accepted Solutions
VIP Purple

HiTry it like this , repalce

Hi

Try it like this , repalce ABC with your WLAN name

wlan ABC
 shut
 no exclusionlist
 no shutdown

HTH

Rasika

**** Pls rate all useful responses ***

16 REPLIES
New Member

Cisco 3850 logging……

Getting same errors?  Anybody?

New Member

I'm having the same issue. We

I'm having the same issue. We're using Cisco 3850 (WS-C3850-48P  IOS v03.03.04SE) as WLC. 

 

Basically a wireless client looses their connection to the SSID, then this pops up in the log. They're unable to rejoin immediately, but can soon after. It seems to happen to some users frequently while others not often. 

 

I read the article but fail to make a connection how that applies to my situation or what I should do to fix it. Any help or advise would be greatly appreciated. 

 

Nov  7 13:23:28.108 CST: *%APF-4-ADD_TO_BLACKLIST_REASON: 1 wcm:  Client 7c7a.91c6.151f 

(AuditSessionID: 0a0afc02545d0b840000d3b7) was added to exclusion list. Reason: IP address 

theft  

VIP Purple

Disable client exclusion

Disable client exclusion under WLAN & see if that helps

HTH

Rasika

**** Pls rate all useful responses ****

New Member

Would you mind sharing the

Would you mind sharing the command for that?

VIP Purple

HiTry it like this , repalce

Hi

Try it like this , repalce ABC with your WLAN name

wlan ABC
 shut
 no exclusionlist
 no shutdown

HTH

Rasika

**** Pls rate all useful responses ***

New Member

Hi, I have a similar case in

Hi,

 

I have a similar case in which Wireless and Wired users are using the same vlan and  I am experiencing some problems with it  (conflict, dhcp ...) and  receiving the log: %WCDB-3-WCDB_IP_CONFLICT: The host xxxx.xxxx.xxxx source-ARP on Interface Capwap2 is using the IP 10.x.x.x of the host yyyy.yyyy.yyyy source-ARP on Interface Capwap1

 

I already have the no exculsion list configured under the wlan.

Any idea on the reason behind it?

 

 

VIP Purple

Split wired & wireless users

Split wired & wireless users into two seperate vlans & enable DHCP snooping for wireless user vlan.

That is the recommended way

 

HTH

Rasika

New Member

Hi Rasika,

Hi Rasika,

Please help, regarding snooping the feature should be enabled on core switch or in WLC it self?

I'm also receiving the error: %WCDB-3-WCDB_IP_CONFLICT on my WLC 5760 and users are experiencing very solw network expirience and I don't if it's related.

Hope ear back from you soon.

Regards,

Alcides

VIP Purple

It should be on your WLC-5760

It should be on your WLC-5760 for wireless user vlans.

Are you using 5760 in converged access setup or as traditional central wireless controller ?

HTH

Rasika

New Member

Hi Rasika,

Hi Rasika,

It's a traditional WLC setup.

I'm trying to find the blackhole because sometimes users are facing slow network acess when they are using the wireless conncetion.

Please advice where should I start looking.

Regards,

AM

New Member

I just wanted to say thanks

I just wanted to say thanks to Manan - adding the no exclusionlist to my networks resolved about a dozen device connectivity issues. Thanks!

VIP Purple

Good to hear that.. yes that

Good to hear that.. yes that feature causing more bad user experience. 

Rasika

New Member

Can I ask what the problem

Can I ask what the problem was here, getting the same.

 

Thanks

VIP Purple

HiAre you using same vlan for

Hi

Are you using same vlan for wired & wireless users (or does your 3850 enable for wireless & manage AP ?)

Rasika

New Member

Hi, We have expirienced the

Hi,

 

We have expirienced the same issue.

We don't using same vlan wired and wireless, but we have two standalone controllers (CT5760) with mobillity between them.

actually, when user mobile from one controller to another we see the same log.

 

2049
Views
10
Helpful
16
Replies
CreatePlease to create content