chrisjmolloy


Duplicate IP Address?

We have been experiencing persistent connection issues with our Exchange server.  Primary suspect for cause is another device with the same IP address as our Exchange server.  Running the following commands I was able to discover the MAC address of suspected culprit:

1) arp -a <IP_Address>           (recorded results)
2) arp -d <IP_Address>
3) ping <IP_Address>
4) arp -a <IP_Address>           (compare results with #1)

Results from #1 and #4 had different MAC addresses listed. Once connection issues were temporarily cleared up I then connected to Exchange server and checked its MAC address. We now have known correct address and possible culprit. Doing MAC address lookup we know duplicate device is a Dell, but that doesn't really help as we use all Dell desktops and laptops for our ~100 users on that subnet.

On to the question...  Is there any possible way to determine what and where the device using the duplicate IP is?  Are there any options on blocking this device from accessing the network?  

The IP address is outside the scope of our DHCP server so we know it must be statically configured. One workaround we have started using for clients with connection issues is to delete the arp record and create a static arp entry with the correct MAC address. But this will work only for workstations; we won't be able to apply this workaround for all of our digital senders and devices configured to send alerts via SMTP. It would be too cumbersome to change the IP address of our Exchange server; we must find this conflicting device to correct and resolve our communication issues.
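
The before/after comparison in steps 1 and 4 of the question can be scripted. The following is an added example, not part of the original post; it assumes the standard Windows `arp -a` output layout, and the function names, addresses and MAC values are constructed for illustration.

```python
import re

# One entry row of Windows `arp -a` output: IP address, MAC, entry type.
ROW = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9A-Fa-f]{2}[-:]){5}[0-9A-Fa-f]{2})\s+(\w+)\s*$"
)

def normalize_mac(mac):
    """Lower-case, colon-separated, so 02-00-AA and 02:00:aa compare equal."""
    return mac.replace("-", ":").lower()

def parse_arp(text):
    """Return {ip: set of MACs} from `arp -a` output, across all interfaces."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:  # "Interface:" banners and column headers do not match
            table.setdefault(m.group(1), set()).add(normalize_mac(m.group(2)))
    return table

def find_conflicts(before, after, known_good=None):
    """Compare snapshots taken before and after `arp -d` + ping.

    Flags every IP seen with more than one MAC, or with a MAC that
    differs from its known-good value. Returns {ip: sorted MAC list}.
    """
    good = {ip: normalize_mac(m) for ip, m in (known_good or {}).items()}
    a, b = parse_arp(before), parse_arp(after)
    conflicts = {}
    for ip in set(a) | set(b):
        macs = a.get(ip, set()) | b.get(ip, set())
        if len(macs) > 1 or (ip in good and macs != {good[ip]}):
            conflicts[ip] = sorted(macs)
    return conflicts

# Constructed sample output (documentation addresses, made-up MACs).
HEADER = "Interface: 192.0.2.50 --- 0xb\n  Internet Address      Physical Address      Type\n"
TAIL = "  192.0.2.1             02-00-00-00-00-fe     dynamic\n  192.0.2.255           ff-ff-ff-ff-ff-ff     static\n"
SNAPSHOT_1 = HEADER + "  192.0.2.10            02-00-00-aa-bb-01     dynamic\n" + TAIL
SNAPSHOT_2 = HEADER + "  192.0.2.10            02-00-00-CC-DD-02     dynamic\n" + TAIL

if __name__ == "__main__":
    for ip, macs in find_conflicts(SNAPSHOT_1, SNAPSHOT_2).items():
        print(f"{ip} answered from multiple MACs: {', '.join(macs)}")
```

Passing the server's verified MAC as `known_good` also flags the case where both snapshots show only the wrong MAC.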
ASKER CERTIFIED SOLUTION
akb
This solution is only available to members.
SOLUTION
Mohammed Khawaja
This solution is only available to members.
Another thought, once you have only the offending device on that IP address, try browsing the device in Windows Explorer by using the IP address. You may see shares which give you a hint. Also try looking for the C$ drive. If you have admin rights you may be able to read the C drive on the offending PC.
After hours, send a regular ping. Check the switches for a flashing access light that matches the cadence, and try disconnecting it. Hopefully, you can get access when the office is empty and most connections are not in use.
I'm commenting here primarily to see the correct answer. <g>. I would use a brute force technique such as turning off one switch at a time to see where the problematic device is plugged in and then eliminating the devices on that switch with a 50-50 split.

Or, knowing its IP you can determine its MAC address and the system name.  Not sure that would help, but once knowing the system name and IP you should be able to RDP to it and leave a message on the system with Notepad for the user to call you.
You should be able to block network access based on the MAC address. Most if not all switches support this.

Hope that helps...
Not sure what you are after; akb provided a way to locate the switch where the device is. Once the switch is identified, you can identify on that switch the port to which that system is connected.

Sneak also covered the lockout.

Is it possible for a wireless to use that IP?
If you have Cisco switches, you can temporarily disable the network card on Exchange (if you search by IP address; if you search by MAC address, I guess you don't have to disable the network card) and issue
# traceroute mac or # traceroute mac ip
That would allow you to quickly find the location of the duplicate-address device, either by MAC or IP address.

In my point of view you should change your setup and only use DHCP for all of your devices and PCs, and don't allow setting anything to static except maybe the device that acts as your router and DHCP server.

Then if anything requires a static IP, use your DHCP server to make reservations for those devices or PCs. This way your static IPs are all centrally managed on your DHCP server and duplicate IPs avoided in the first place. You also don't have to manually set up each device, as usually DHCP is the default anyway.
Server/roles will run with problems, as they expect the IP/network interface to be reflected as static; DHCP-reserved IPs are not reflected as static on the system.
Segment/VLAN separation for servers and clients is a way to minimize server-impacting duplicate IP.

The risk of MAC-locking IPs is that, over time, it might turn around and have an adverse effect.