Solved

Cisco SG300-20 Duplicate IP Address

Posted on 2014-04-22
6
1,821 Views
Last Modified: 2014-07-18
I have a SG300-20 Switch in Layer 3 mode.
The switch IP, which is the gateway for VLAN 5 is 192.168.5.1

On Gi 3, a server on VLAN 5 is present.  It has an IP of 192.168.5.241

On the switch, I receive the log entries of:

%IPADTBL-N-IPDUPLICATE: Duplicate IP address 192.168.5.1 from MAC a0:b3:cc:eb:f2:2d was detected on VLAN 5, port gi3  

On Gi3 is a HP ML150 server.  Only one of the two nic's connected.  The MAC address of the NIC is A0-B3-CC-EB-F2-2A

It almost suggests to me that a sub address of the nic has the same ip as the default gateway.  (MAC 2A instead of 2D)

I cannot find anywhere on the server to change or remove an ip configured for that MAC address.   This is what I have done to troubleshoot:

I moved the connection to a different port on the switch, the dup went with the port change
I switched the physical connection from LAN 1 to LAN 2 on the server.  Gave the second NIC the same IP Settings as the first (it is a production server after all so an IP change isn't so easy).  Even changing the NIC didn't get rid of the duplicate message, the MAC did however change in the log on the duplicate to be the same as the new physical NIC, except once again changing the final character by a few.

So, i am at a loss.  I have absolutely no issues on the network, everything works great.  Everything finds the gateway properly.  I just have a concern with this duplicate IP error message.   It doesn't seem right to just accept such a logged note.

Anyone have any ideas how I can get rid of this message?

Thank you

Paul
0
Comment
Question by:TheMetalicOne
  • 3
  • 2
6 Comments
 
LVL 13

Expert Comment

by:Greg Hejl
Comment Utility
what does the server do?  do you have any network monitoring software on it? Remote desktop software? VNC or such?
Could you post up an ipconfig /all on it?

Also run arp -a and post that, also please include the arp table from the switch
0
 
LVL 5

Author Comment

by:TheMetalicOne
Comment Utility
Server handles file and print sharing.   It is a member server on a domain.

Remote Desktop Administration is enabled.
No VNC
No Network Monitoring Software either.

The info you requested below:  Thank you


**********
C:\Users\timothy>ipconfig /all

Windows IP Configuration

   Host Name . . . . . . . . . . . . : ADMINSERVER
   Primary Dns Suffix  . . . . . . . : domainname.local
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : domainname.local

Ethernet adapter Local Area Connection 2:

   Connection-specific DNS Suffix  . : domainname.local
   Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter
#2
   Physical Address. . . . . . . . . : A0-B3-CC-EB-F2-2A
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::7035:6842:368b:6950%13(Preferred)
   IPv4 Address. . . . . . . . . . . : 192.168.5.241(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.5.1
   DHCPv6 IAID . . . . . . . . . . . : 312521676
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-B7-57-41-A0-B3-CC-EB-F2-2B

   DNS Servers . . . . . . . . . . . : 192.168.5.240
                                       192.168.2.235
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Local Area Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter
   Physical Address. . . . . . . . . : A0-B3-CC-EB-F2-2B
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.tcsadmin.local:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : domainname.local
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A20B867E-693E-40C8-9AB6-B971035B36B1}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

**************

C:\Users\timothy>arp -a

Interface: 192.168.5.241 --- 0xd
  Internet Address      Physical Address      Type
  192.168.5.1           64-d8-14-61-bc-4c     dynamic
  192.168.5.20          00-25-11-6a-7d-45     dynamic
  192.168.5.150         00-d0-b8-24-81-1f     dynamic
  192.168.5.240         d8-d3-85-ae-17-bc     dynamic
  192.168.5.255         ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  224.0.0.252           01-00-5e-00-00-fc     static

************

VLAN 1   00:00:85:8a:af:b0    GE18    
  VLAN 1   00:00:85:8b:53:45    GE19    
  VLAN 1   00:04:00:89:a0:f3    GE20    
  VLAN 1   00:09:6b:f2:87:d6    GE18    
  VLAN 1   00:0d:60:94:e3:3c    GE19    
  VLAN 1   00:0d:60:ee:15:d9    GE18    
  VLAN 1   00:0e:84:1c:d3:18    GE18    
  VLAN 1   00:11:85:39:58:00    GE19    
  VLAN 1   00:11:85:39:58:4f    GE19    
  VLAN 1   54:78:1a:49:fc:99    GE20    
  VLAN 1   54:78:1a:49:fc:ca    GE20    
  VLAN 1   5c:f9:38:c8:ec:87    GE19    
  VLAN 1   68:5b:35:af:d2:50    GE20    
  VLAN 5   00:d0:b8:24:81:1f    GE11    
  VLAN 5   a0:b3:cc:eb:f2:2a    GE3    
  VLAN 5   a0:b3:cc:eb:f2:2d    GE3    
  VLAN 5   d8:d3:85:ae:17:bc    GE6    
  VLAN 10   00:1c:10:f5:ed:a4    GE17    
  VLAN 99   00:0d:60:ef:81:f9    GE19    
  VLAN 99   00:0e:84:1c:d3:18    GE18    
  VLAN 99   00:21:29:ca:44:58    GE18    
  VLAN 99   00:21:29:ca:48:33    GE18    
  VLAN 99   c8:be:19:6e:10:eb    GE18    
  VLAN 99   c8:be:19:6e:11:21    GE19    
  VLAN 99   c8:be:19:6e:11:8d    GE19    
  VLAN 99   c8:be:19:6e:14:e9    GE19    
  VLAN 99   c8:be:19:6e:18:81    GE19    
  VLAN 99   c8:be:19:6e:18:89    GE19    
  VLAN 99   c8:be:19:6e:29:61    GE18    
  VLAN 99   c8:be:19:6e:2b:a9    GE19    
  VLAN 99   c8:be:19:6e:2e:05    GE19
0
 
LVL 5

Author Comment

by:TheMetalicOne
Comment Utility
Is there anything you may be able to suggest for my issue?
0
The curse of the end user strikes again      

You’ve updated all your end user’s email signatures. Hooray! But guess what? They’re playing around with the HTML, adding stupid taglines and ruining the imagery. Find out how you can save your signatures from end users today.

 
LVL 6

Accepted Solution

by:
Hassan Besher earned 500 total points
Comment Utility
why you don't try to hardcode you mac address with your sever interface, and i mean write it manually ,

i guess there are a lot of ways to do it, one of them to check you NIC driver advanced tab at device manager, check attached PIC

and restart you server as well as clear arp table in your switch, and see how it will go!
Change-Mac-manually.png
0
 
LVL 13

Expert Comment

by:Greg Hejl
Comment Utility
Please review all the installed programs and running processes for unrecognized instances.  
Also try Netmon3 to analyze traffic - looking for the rogue Mac Address.  This looks loke Bot behavior to me
0
 
LVL 5

Author Closing Comment

by:TheMetalicOne
Comment Utility
Thanks
0

Featured Post

Free Trending Threat Insights Every Day

Enhance your security with threat intelligence from the web. Get trending threat insights on hackers, exploits, and suspicious IP addresses delivered to your inbox with our free Cyber Daily.

Join & Write a Comment

Redirected folders in a windows domain can be quite useful for a number of reasons, one of them being that with redirected application data, you can give users more seamless experience when logging into different workstations.  For example, if a use…
OfficeMate Freezes on login or does not load after login credentials are input.
This tutorial will walk an individual through configuring a drive on a Windows Server 2008 to perform shadow copies in order to quickly recover deleted files and folders. Click on Start and then select Computer to view the available drives on the se…
This tutorial will walk an individual through setting the global and backup job media overwrite and protection periods in Backup Exec 2012. Log onto the Backup Exec Central Administration Server. Examine the services. If all or most of them are stop…

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

6 Experts available now in Live!

Get 1:1 Help Now