Solved: Hi Ruggero Delcuratolo ,We

cobbcobb · ‎05-10-2014

I know this question has been asked a few times before, and I've looked through all of those discussions on the board. None of those have been answered successfully, and I hope that maybe I can describe the problem in a way that will help someone here to find out what I'm missing.

I'm configuring a stack of switches to deploy in a new A/V/L network and I'm running into a duplicate IP error that's showing up ONLY on my SG300 series switches. Here's the setup I'm configuring:

- We have one 3750 Catalyst switch that is at the core of the network

- There are three 2960 switches at the distribution level

- There are nine SG300 small business switches at the access level

GENERAL SETUP STEPS

- IP routing is enabled on the 3750

- I've configured trunk ports to connect all switches together, but I have not activated any access ports

- I created management vlan 255 on all switches

- The management IP scheme I'm trying to use is this:

10.201.255.1/24 = Vlan 255 on the 3750
10.201.255.2/24 = Vlan 255 on 2960 switch
10.201.255.3/24 = Vlan 255 on 2960 switch
10.201.255.4/24 = Vlan 255 on 2960 switch
10.201.255.5/24 = Vlan 255 on SG300 switch
10.201.255.6/24 = Vlan 255 on SG300 switch
10.201.255.7/24 = Vlan 255 on SG300 switch
10.201.255.8/24 = Vlan 255 on SG300 switch
10.201.255.9/24 = Vlan 255 on SG300 switch
10.201.255.10/24 = Vlan 255 on SG300 switch
10.201.255.11/24 = Vlan 255 on SG300 switch
10.201.255.12/24 = Vlan 255 on SG300 switch
10.201.255.13/24 = Vlan 255 on SG300 switch

THE ISSUE

While I'm logged into ANY of the SG300 switches I see an error. This error does not happen with the 2960 or the 3750 switches. Here is the error:
%IPADTBL-N-IPDUPLICATE: Duplicate IP address 10.201.255.5 from MAC 88:5a:92:09:ab:98 was detected on VLAN 255, port gi18, aggregated (6)

The ip address changes and matches the ip of whatever SG300 switch I'm working on. The MAC address (88:5a:92:09:ab:98) is the MAC address of the trunk port on the 3750 at the core. When I unplug the trunk port on the 3750, I stop getting the error on all of the SG300 switches. I have not programmed any other ip address on the 3750 other than 10.201.255.1 255.255.255.0.

WHAT I'VE TRIED TO DO TO FIX IT

- Remove the ip address from Vlan 1 on an SG300 switch using
#int vlan 1
#no ip address

Once I did that, I can no longer reach the switch using the IP address assigned to vlan 255.

- Assigning Vlan 1 as the default vlan using:

#vlan database
#vlan 1
#default-vlan vlan 1
**then performed a restart of the switch

Here's the output of #show ip interface from one of the SG300 switches:

CR-FOH-PRONET#show ip int

Gateway IP Address Activity status Type
----------------------- ----------------------- --------

IP Address I/F Type Status
------------------- --------- ----------- -----------
10.201.255.8/24 vlan 255 Static Valid
duplicated

I realize the easy answer is, "Well, you've got a duplicate IP address". Please know that I only put in the ip address for each of the SG300 switches only once. I did not put them on the 3750 switch (which is stated as the source of the conflict in the error). I think it's interesting that the 2960 switches are not displaying an error.

What are your thoughts? What am I missing?

Thank you for your help! I can post anything you need to help figure out what's going on.

Ruggero Delcuratolo · ‎05-12-2014

Understand. perhaps the duplicate IP issue appears because you are using trunk ports between the 2960 Distribution and 3750 Core via mismatching native vlans.

Trunk ports uses vlan 1 as the native vlan by default, but you can change the behavior using the command:

switchport trunk native vlan 255.

That way you keep vlan 255 as the management and native vlan for trunks and it prevents any mismatch or any issues that you observed when you removed the IP from Vlan 1 or when you tried diabling Vlan 1.

Ideally if I look at your diagram, you should do this:

1) Run only Layer 3 Routing on the 3750 using for example EIGRP or OSPF (it then becomes a real core layer - the Core layer normally only runs routing and not Vlans or Spanning-tree.

2) Change the links between the 3750 and the 2960 to be Layer 3 routed interfaces instead of trunks, you can use point to point links subnet in each port going from the 3750 to the 2960

3) Enable EIGRP or OSPF between the 2960 and 3750 so that they can exchange all the Vlan informations or Subnet information via routing protocols

4) Run your Layer 3 Vlans on the 2960s (that makes them Distribution layer for Vlans) trunk those vlans to your access Layer so that you can assign them to the various hosts or PCs connected to the Access switches, the SG300.

View solution in original post

Ruggero Delcuratolo · ‎05-12-2014

Can you attach a picture of a diagram of the connections between the 3750, 2960 and SG300? You are saying that you have core,distrubition and access layers, but it would help to see how you are interconnecting them. Any reason why you are running trunk ports on the Core Layer? If it is a routed segment and the 2960 is the distribution, you should run L3 routing between the Core and the distribution and avoid using L2 links. Perhaps a diagram can clarify what is the setup and I can help you out.

cobbcobb · ‎05-12-2014

I may not be using the terms Core, Distribution, and Access correctly. I'm working on my CCNA right now, so I'm new to this!

I attached a diagram. Basically we have two legs of the network that are self contained and the only data that needs to get in and out is for managing the switches. On the third leg of the network I'd like to support multiple vlans that all need access to the 192.168.10.0 network as well as access out to the internet.

Ruggero Delcuratolo · ‎05-12-2014

Understand. perhaps the duplicate IP issue appears because you are using trunk ports between the 2960 Distribution and 3750 Core via mismatching native vlans.

Trunk ports uses vlan 1 as the native vlan by default, but you can change the behavior using the command:

switchport trunk native vlan 255.

That way you keep vlan 255 as the management and native vlan for trunks and it prevents any mismatch or any issues that you observed when you removed the IP from Vlan 1 or when you tried diabling Vlan 1.

Ideally if I look at your diagram, you should do this:

1) Run only Layer 3 Routing on the 3750 using for example EIGRP or OSPF (it then becomes a real core layer - the Core layer normally only runs routing and not Vlans or Spanning-tree.

2) Change the links between the 3750 and the 2960 to be Layer 3 routed interfaces instead of trunks, you can use point to point links subnet in each port going from the 3750 to the 2960

3) Enable EIGRP or OSPF between the 2960 and 3750 so that they can exchange all the Vlan informations or Subnet information via routing protocols

4) Run your Layer 3 Vlans on the 2960s (that makes them Distribution layer for Vlans) trunk those vlans to your access Layer so that you can assign them to the various hosts or PCs connected to the Access switches, the SG300.

cobbcobb · ‎05-12-2014

ok...I think I'm following you.

So do (config-if)#no switchport for each interface that's coming in from the 2960s and give it an ip address?

Would I need to run a physical line for each vlan on the 2960 up to the 3750? Otherwise, how could the 3750 serve all the vlans on the 2960 through only one non-trunk line?

Thanks for your help

cobbcobb · ‎05-12-2014

Ok...I understand. Specifically the 2960s can do static ip routing:

http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst2960/software/release/12-2_55_se/configuration/guide/scg_2960/swipstatrout.html#wp1202471

I see how it's possible now to do a point to point connection between the 3750 and 2960. I'll try it when I'm at work tomorrow as Packet Tracer doesn't have the 2960s....only the 2960.

I'll let you know how it goes.

Thanks!

cobbcobb · ‎05-14-2014

Thanks again for your help. I finished the configurations this morning with point to point links between the 3750 and the 2960 switches. I'm running the vlans only from the distribution layer down and I'm able to login remotely to any switch from any switch. I don't have an ip conflict and everything is working as expected.

Thanks!

Ruggero Delcuratolo · ‎05-15-2014

Great, I am glad that it works. Keep in mind that on an ideal design, Core should always run L3 only, distribution can be mixing L3 and L2 Trunks to the Access and Access is normally L2 only.

srinu.allamani · ‎08-31-2015

Hi Ruggero Delcuratolo ,

We have same issue & same network setup , we are using vlan1 for management and Vlan1 is native VLAN between 3750 & 2960 , still we are getting duplicate error message on sg300.

Any suggestions.

Thank You.

SG300 series duplicate IP on VLAN

Cisco Business Product Family

Cisco Switching Product Family