TheMetalicOne
asked on
Cisco SG300-20 Duplicate IP Address
I have a SG300-20 Switch in Layer 3 mode.
The switch IP, which is the gateway for VLAN 5 is 192.168.5.1
On Gi 3, a server on VLAN 5 is present. It has an IP of 192.168.5.241
On the switch, I receive the log entries of:
%IPADTBL-N-IPDUPLICATE: Duplicate IP address 192.168.5.1 from MAC a0:b3:cc:eb:f2:2d was detected on VLAN 5, port gi3
On Gi3 is an HP ML150 server. Only one of the two NICs is connected. The MAC address of the NIC is A0-B3-CC-EB-F2-2A
It almost suggests to me that a sub address of the NIC has the same IP as the default gateway. (MAC 2A instead of 2D)
I cannot find anywhere on the server to change or remove an IP configured for that MAC address. This is what I have done to troubleshoot:
I moved the connection to a different port on the switch, the dup went with the port change
I switched the physical connection from LAN 1 to LAN 2 on the server. Gave the second NIC the same IP Settings as the first (it is a production server after all so an IP change isn't so easy). Even changing the NIC didn't get rid of the duplicate message, the MAC did however change in the log on the duplicate to be the same as the new physical NIC, except once again changing the final character by a few.
So, I am at a loss. I have absolutely no issues on the network, everything works great. Everything finds the gateway properly. I just have a concern with this duplicate IP error message. It doesn't seem right to just accept such a logged note.
Anyone have any ideas how I can get rid of this message?
Thank you
Paul
ASKER
Server handles file and print sharing. It is a member server on a domain.
Remote Desktop Administration is enabled.
No VNC
No Network Monitoring Software either.
The info you requested below: Thank you
**********
C:\Users\timothy>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : ADMINSERVER
Primary Dns Suffix . . . . . . . : domainname.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : domainname.local
Ethernet adapter Local Area Connection 2:
Connection-specific DNS Suffix . : domainname.local
Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter #2
Physical Address. . . . . . . . . : A0-B3-CC-EB-F2-2A
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::7035:6842:368b:6950%13(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.5.241(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.5.1
DHCPv6 IAID . . . . . . . . . . . : 312521676
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-B7-57-41-A0-B3-CC-EB-F2-2B
DNS Servers . . . . . . . . . . . : 192.168.5.240
192.168.2.235
NetBIOS over Tcpip. . . . . . . . : Enabled
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : HP NC112i 1-port Ethernet Server Adapter
Physical Address. . . . . . . . . : A0-B3-CC-EB-F2-2B
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.tcsadmin.local:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . : domainname.local
Description . . . . . . . . . . . : Microsoft ISATAP Adapter
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter isatap.{A20B867E-693E-40C8-9AB6-B971035B36B1}:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft ISATAP Adapter #2
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
Tunnel adapter Teredo Tunneling Pseudo-Interface:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
DHCP Enabled. . . . . . . . . . . : No
Autoconfiguration Enabled . . . . : Yes
**************
C:\Users\timothy>arp -a
Interface: 192.168.5.241 --- 0xd
Internet Address Physical Address Type
192.168.5.1 64-d8-14-61-bc-4c dynamic
192.168.5.20 00-25-11-6a-7d-45 dynamic
192.168.5.150 00-d0-b8-24-81-1f dynamic
192.168.5.240 d8-d3-85-ae-17-bc dynamic
192.168.5.255 ff-ff-ff-ff-ff-ff static
224.0.0.22 01-00-5e-00-00-16 static
224.0.0.252 01-00-5e-00-00-fc static
************
VLAN 1 00:00:85:8a:af:b0 GE18
VLAN 1 00:00:85:8b:53:45 GE19
VLAN 1 00:04:00:89:a0:f3 GE20
VLAN 1 00:09:6b:f2:87:d6 GE18
VLAN 1 00:0d:60:94:e3:3c GE19
VLAN 1 00:0d:60:ee:15:d9 GE18
VLAN 1 00:0e:84:1c:d3:18 GE18
VLAN 1 00:11:85:39:58:00 GE19
VLAN 1 00:11:85:39:58:4f GE19
VLAN 1 54:78:1a:49:fc:99 GE20
VLAN 1 54:78:1a:49:fc:ca GE20
VLAN 1 5c:f9:38:c8:ec:87 GE19
VLAN 1 68:5b:35:af:d2:50 GE20
VLAN 5 00:d0:b8:24:81:1f GE11
VLAN 5 a0:b3:cc:eb:f2:2a GE3
VLAN 5 a0:b3:cc:eb:f2:2d GE3
VLAN 5 d8:d3:85:ae:17:bc GE6
VLAN 10 00:1c:10:f5:ed:a4 GE17
VLAN 99 00:0d:60:ef:81:f9 GE19
VLAN 99 00:0e:84:1c:d3:18 GE18
VLAN 99 00:21:29:ca:44:58 GE18
VLAN 99 00:21:29:ca:48:33 GE18
VLAN 99 c8:be:19:6e:10:eb GE18
VLAN 99 c8:be:19:6e:11:21 GE19
VLAN 99 c8:be:19:6e:11:8d GE19
VLAN 99 c8:be:19:6e:14:e9 GE19
VLAN 99 c8:be:19:6e:18:81 GE19
VLAN 99 c8:be:19:6e:18:89 GE19
VLAN 99 c8:be:19:6e:29:61 GE18
VLAN 99 c8:be:19:6e:2b:a9 GE19
VLAN 99 c8:be:19:6e:2e:05 GE19
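The correlation the outputs above allow, written as an added example that is not part of the original thread: it parses the switch's duplicate-IP log line, finds the other MACs learned on the same VLAN and port, reports how far each same-vendor-prefix MAC is from the conflicting one, and checks whether the server's own ARP cache maps the gateway IP to the conflicting MAC. The function names are hypothetical, the sample data is copied from the values posted in this thread, and treating `gi3` and `GE3` as the same port is an assumption.

```python
import re

# Sample input constructed from the values posted in this thread.
SYSLOG = ("%IPADTBL-N-IPDUPLICATE: Duplicate IP address 192.168.5.1 from MAC "
          "a0:b3:cc:eb:f2:2d was detected on VLAN 5, port gi3")
MAC_TABLE = """\
VLAN 5 00:d0:b8:24:81:1f GE11
VLAN 5 a0:b3:cc:eb:f2:2a GE3
VLAN 5 a0:b3:cc:eb:f2:2d GE3
VLAN 5 d8:d3:85:ae:17:bc GE6
"""
HOST_ARP = {"192.168.5.1": "64-d8-14-61-bc-4c"}  # from the server's arp -a

DUP_RE = re.compile(r"%IPADTBL-N-IPDUPLICATE: Duplicate IP address (\S+) from MAC "
                    r"([0-9a-fA-F:]{17}) was detected on VLAN (\d+), port (\S+)")
ROW_RE = re.compile(r"VLAN (\d+) ([0-9a-fA-F:]{17}) (\S+)")

def norm(mac):
    """Canonical MAC: lowercase hex digits only, separators removed."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def port_id(name):
    """Assumption: 'gi3' (log) and 'GE3' (table) differ only in prefix."""
    return int(re.search(r"(\d+)$", name).group(1))

def triage(syslog_line, mac_table, host_arp):
    """Correlate one duplicate-IP log line with the MAC table and host ARP."""
    m = DUP_RE.search(syslog_line)
    if not m:
        return None
    ip, mac = m.group(1), norm(m.group(2))
    vlan, port = int(m.group(3)), port_id(m.group(4))
    # Other MACs the switch learned on the same VLAN and physical port.
    same_port = [norm(r[1]) for r in ROW_RE.findall(mac_table)
                 if int(r[0]) == vlan and port_id(r[2]) == port
                 and norm(r[1]) != mac]
    # Same vendor prefix (first 3 bytes): record the numeric distance.
    siblings = {n: int(mac, 16) - int(n, 16)
                for n in same_port if n[:6] == mac[:6]}
    return {"ip": ip, "dup_mac": mac, "vlan": vlan, "port": port,
            "same_port_siblings": siblings,
            "host_arp_points_at_dup_mac": norm(host_arp.get(ip, "")) == mac}

if __name__ == "__main__":
    print(triage(SYSLOG, MAC_TABLE, HOST_ARP))
```

On this data the conflicting MAC sits three addresses above the connected NIC's MAC on the same port, and the server's ARP cache entry for 192.168.5.1 points at a different MAC.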
ASKER
Is there anything you may be able to suggest for my issue?
Please review all the installed programs and running processes for unrecognized instances.
Also try Netmon3 to analyze traffic - looking for the rogue MAC address. This looks like bot behavior to me
ASKER
Thanks
Could you post up an ipconfig /all on it?
Also run arp -a and post that, also please include the arp table from the switch