I have a 3550 Catalyst Switch. 2 computers connected to the switch have the same IP address configured and there is an IP address conflict. How do I zero in on these computers with just the CLI of the switch?
-
Does the 3550 have an SVI on the Vlan in question? BTW, Cisco's [`ip source-guard`](http://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst3550/software/release/12-2_25_see/configuration/guide/3550SCG/swdhcp82.html#wp1149156 "IP Source Guard") would altogether prevent this conflict at the cost of using DHCP or static IP address bindings in the switch. – Mike Pennington Dec 11 '14 at 07:23
-
No, I don't. I have a network with 400 computers. There is an IP address conflict. I know the MAC addresses and the interfaces of the switch to which these MAC addresses are connected. But following that trace back to the computer is becoming a complex task. But there is a naming convention for the computers. So if I get to know the computer names, I can easily go back to the computers and do something about it. Is there any way I can know the computer names with the MAC addresses and the interface numbers? – Ravi Babu Dec 11 '14 at 08:01
-
Re: "is there any way i can know the computer names with the MAC addresses and the Interface numbers?" Not on a Cisco router or switch. The best you can do from a Cisco is grab the ARP table from your corresponding layer3 interface, and correlate that to your mac table on the layer2 Cisco 3550. In the real world, people either buy a commercial solution for this, or they script their own in Windows / Linux – Mike Pennington Dec 11 '14 at 08:04
-
Any other options? Will a layer 2 traceroute work or any other way? – Ravi Babu Dec 11 '14 at 08:06
-
If your switches support it, [`traceroute mac`](http://networkengineering.stackexchange.com/a/1702/775) is an option. Another longer-term option is [building an snmp solution](http://networkengineering.stackexchange.com/a/2904/775). This problem is [why I strongly prefer keeping layer3 as close as possible to users](http://serverfault.com/a/576947/78702) – Mike Pennington Dec 11 '14 at 08:09
-
In these situations (if I don't have access to the L3 gateway), I will connect a computer to the same network and use nmap to ARP the IP. You should get a response from both hosts that believe they should be using the IP address. Once you have the MAC addresses, tracking them down in the switch is trivial. – YLearn Dec 11 '14 at 14:29
-
`ip device tracking` will also provide valuable insight. – RedShift Dec 15 '14 at 18:53
-
Did any answer help you? If so, you should accept the answer so that the question doesn't keep popping up forever, looking for an answer. Alternatively, you could provide and accept your own answer. – Ron Maupin Aug 11 '17 at 01:50
5 Answers
Generally an IP address conflict is logged. Do `show log`. You will see something like `Duplicate address 10.25.32.15 on Vlan25 sourced by 0011.2233.4455` and there will be another message with the other MAC address.
Then you show the MAC address table to see what port that MAC address is connected to (`show mac-address-table address 0011.2233.4455`).

-
To be exact, the OP is asking about a duplicate address on two PCs attached to the switch. The switch will log a message when someone steps on the switch's IP address; however, I have not seen Catalyst switches log messages for other IP conflicts – Mike Pennington Jun 13 '15 at 06:25
-
I was assuming the 3550 was also doing the layer 3 routing. If it is, I am pretty sure it will log the conflict. If it is doing straight layer 2, I don't believe it will, you will have to go to the device doing the layer 3 (the one actually doing the ARP for the device) to find it in the log. It's been a couple of years since I've had this problem, though, but I seem to recall it was rather quickly sorted out. – GeorgeB Jun 13 '15 at 17:01
-
Never mind, we might have had DHCP conflict logging enabled in that particular case. – GeorgeB Jun 13 '15 at 17:09
-
I would love for Criscos to log generic address conflicts, but I likewise have not seen it happen without DAI / DHCP-SNOOPING – Mike Pennington Jun 13 '15 at 17:12
As far as I know there is no straight solution for this. In your case you can create a MAC address based ACL and bind it to the VLAN in which those switch ports exist. Of the two MAC addresses, block one. Detection of the problem this way will be quick, with a little obstruction in network service. You can refer to this configuration from the Cisco doc.

There are a few ways to do this. Is your switch running layer-3? If it is, then you can review the arp table on the switch for duplicate entries. You can also turn on ip tracking on the switch and then go through that data.
You will need to enable IP tracking first: `ip device tracking`. You can then use `show ip device tracking all`. Instead of using `all` you can enter an interface or an IP address to show these commands.

-
You need to set a maximum of tracked devices on every interface in order for this to work (`ip device tracking maximum <0-10>`). Otherwise the switch will not be tracking. I do recall this behaviour to be different on some IOS releases, where enabling `ip device tracking` globally already starts tracking even though no maximum per interface has been set. – RedShift Jan 14 '15 at 20:33
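The ARP-table-to-MAC-table correlation suggested in the comments and in this answer can be scripted; the following is an added example, not part of the original thread. It assumes the usual column layout of `show ip arp` and `show mac-address-table` output, takes several ARP captures pasted together (the entry for a contested IP can change owner between captures), and uses constructed sample data: the second MAC `0011.2233.6677`, the host `10.25.32.20` and all port names are made up.

```python
import re
from collections import defaultdict

# Constructed sample: two captures of `show ip arp`, taken a few minutes apart.
ARP_CAPTURES = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.25.32.15             2   0011.2233.4455  ARPA   Vlan25
Internet  10.25.32.20             7   0011.2233.8899  ARPA   Vlan25
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.25.32.15             0   0011.2233.6677  ARPA   Vlan25
Internet  10.25.32.20            12   0011.2233.8899  ARPA   Vlan25
"""

# Constructed sample of the layer-2 switch's MAC address table.
MAC_TABLE = """\
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
  25    0011.2233.4455    DYNAMIC     Fa0/12
  25    0011.2233.6677    DYNAMIC     Fa0/31
  25    0011.2233.8899    DYNAMIC     Fa0/7
"""

MAC = r"[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
ARP_RE = re.compile(rf"^Internet\s+(\d+\.\d+\.\d+\.\d+)\s+\S+\s+({MAC})\s+ARPA", re.I | re.M)
MAC_RE = re.compile(rf"^\s*(\d+)\s+({MAC})\s+\S+\s+(\S+)\s*$", re.I | re.M)

def parse_arp(text):
    """Return {ip: set(mac)} over every ARP line in one or more captures."""
    seen = defaultdict(set)
    for ip, mac in ARP_RE.findall(text):  # "Incomplete" entries do not match
        seen[ip].add(mac.lower())
    return seen

def parse_mac_table(text):
    """Return {mac: (vlan, port)} from the MAC address table."""
    return {mac.lower(): (int(vlan), port) for vlan, mac, port in MAC_RE.findall(text)}

def find_conflicts(arp_text, mac_text):
    """Map each IP claimed by more than one MAC to [(mac, port), ...]."""
    ports = parse_mac_table(mac_text)
    return {
        ip: sorted((mac, ports.get(mac, (None, "not in MAC table"))[1]) for mac in macs)
        for ip, macs in parse_arp(arp_text).items()
        if len(macs) > 1
    }

if __name__ == "__main__":
    for ip, owners in find_conflicts(ARP_CAPTURES, MAC_TABLE).items():
        print(ip, "claimed by", ", ".join(f"{m} on {p}" for m, p in owners))
```

A port that shows many MAC addresses is most likely an uplink to another switch, so the same lookup has to be repeated on that switch.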
As GeorgeB mentioned you could look at the log on the switch with the "show log" command in privilege (#) mode, or I believe if you did the "show arp" command from the (#) mode you should be able to see all of the connected devices, their MAC address, and their IP address in the results.
Ravi Babu, the best way to clear the IP conflict: if DHCP is enabled in your network, just give `ipconfig /release` and `ipconfig /renew` on both the PCs. If you gave a static IP on both the PCs, then go to network settings and change the IP on both PCs. I don't think you can achieve this in the switch, unless you shut down one of the switch ports.
