Home > IT Blogs > Network technologies and trends > Don’t panic whenever you see %IP-4-DUPADDR: Duplicate address error log in your Cisco 6500 Switches running HSRP
>>VIEW ALL POSTS  

Network technologies and trends

«
»
Nov 9 2008   6:51AM GMT

Don’t panic whenever you see %IP-4-DUPADDR: Duplicate address error log in your Cisco 6500 Switches running HSRP



Posted by: Yasir Irfan
Cisco, Cisco 6500, Cisco 6500 Series Catalyst Switch, Cisco 6503, Cisco Catalyst 6503-E Switch, Cisco Catalyst 6506-E Switch, Cisco Catalyst 6509-E Switch, Cisco Catalyst 6509-V-E Switch, Cisco Catalyst 6513 Switch, Cisco Systems, Cisco Tips, Hot Standby Router Protocol, HSRP, Network Troubleshooting, Networking, Routing and Switching, Switches, Switching, Trojan

If you are running HSRP and one of your VLAN is down and the following errors are generated in your Switch don’t panic. All this happens due the Trojans in the network.

MBGF-DAC-6500-BB01#sho log

Nov  9 07:54:21: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:54:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:55:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:55:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:56:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.1 256 packets

Nov  9 07:56:22: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:56:52: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.2 263 packets

Nov  9 07:57:11: %SEC-6-IPACCESSLOGS: list 12 permitted 10.0.0.7 200 packets

Nov  9 07:57:22: %IP-4-DUPADDR: Duplicate address 10.12.0.1 on Vlan106, sourced by 000f.fe0a.1fbc

Nov  9 07:57:52: %IP-4-DUPADDR: Duplicate address 10.12.0.2 on Vlan106, sourced by 000f.fe0a.1fbc

MBGF-DAC-6500-BB01#

Last week at 3 A.M I received a call from our Help Desk, stating our applications are not running in one our departments. I logged remotely to our Network and try figured out what is problem. Upon carefully looking at the logs in our Cisco 6513 core Switches I figured out a duplicate IP address is created which happens to be the Standby IP address for the Core Switch for HSRP.

I figured out the PC by looking the at mac address generated in the log and closed the network connection for that particular PC and the problem was solved.

If you face similar problems its better to change the HSRP Standby IP address in Core Switches and then try figure out the infected PC. Once the PC is figured out close the network connection and make sure the Trojans are removed. Upon cleaning the infected PC you can reconfigure the HSRP Standby IP address to the previous one.

Once I get the complete solution to fix this problem I will post it.

  Bookmark and Share     Comment     RSS Feed     Email a friend

Comment on this Post

Leave a comment: