Network technologies and trends

Nov 9 2008   6:51AM GMT

Don’t panic whenever you see %IP-4-DUPADDR: Duplicate address error log in your Cisco 6500 Switches running HSRP

Yasir Irfan Yasir Irfan Profile: Yasir Irfan

If you are running HSRP and one of your VLAN is down and the following errors are generated in your Switch don’t panic. All this happens due the Trojans in the network.

MBGF-DAC-6500-BB01#sho log

 

Nov  9 07:54:21: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:54:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:55:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:55:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:56:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.1 256 packets

Nov  9 07:56:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:56:52: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.2 263 packets

Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.7 200 packets

Nov  9 07:57:22: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:57:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

MBGF-DAC-6500-BB01#

Last week at 3 A.M I received a call from our Help Desk, stating our applications are not running in one our departments. I logged remotely to our Network and try figured out what is problem. Upon carefully looking at the logs in our Cisco 6513 core Switches I figured out a duplicate IP address is created which happens to be the Standby IP address for the Core Switch for HSRP.

I figured out the PC by looking the at mac address generated in the log and closed the network connection for that particular PC and the problem was solved.

If you face similar problems its better to change the HSRP Standby IP address in Core Switches and then try figure out the infected PC. Once the PC is figured out close the network connection and make sure the Trojans are removed. Upon cleaning the infected PC you can reconfigure the HSRP Standby IP address to the previous one.

Once I get the complete solution to fix this problem I will post it.

1  Comment on this Post

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when other members comment.

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
  • prasadmahadik
    How did you logged in.. We faced same issue and lost connection to CORE. the time we removed interconnection, it came up.
    10 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to: