
%IP-4-DUPADDR: Duplicate address Interface Vlan w/ HSRP & Static NAT

Cam Rake

I have two 3845s running IOS 12.4(21a) & 15.1(4)M9 respectively. The routers are running HSRP on interface VLAN200. The VLAN is acting as the Inside NAT interface and a WAN circuit on each router is acting as the outside NAT interface. On both routers there are about 50 identical static NAT entries to NAT destination IPs for traffic coming from the WAN heading towards the LAN. These NAT IP addresses are complaining of a duplicate IP address (with the MAC of the neighbor router). Additionally, the inbound routing for the WAN is fairly static although BGP provides redundancy, and the routing to the LAN may at times cross over to the neighbor to reach its internal destination.

When I attempt to bring up a new interface on the 16 port NM, I start receiving the below duplicate IP address error messages. If I shut off the port the errors continue for 32-35 min. This is quite similar to the reported problem in the below link, which discusses ARP occurring for the NAT entry and the use of stateful NAT etc. However, in my case it only occurs if I bring up a new NM port (although several other ports on the NM are already operating just fine). It doesn't matter whether I run this port as an Access, Trunk or member of a port-channel - I get the same duplicate IP error message. The interesting thing is that the problem only occurs on the 12.4 IOS router, but not the 15.1 version. Furthermore, it does not appear to be negatively impacting the performance of the static NATs, although further testing is required before I can fully conclude this.

I will attempt an upgrade on the 12.4 router, but I'm curious as to why the error message occurs at all and why the process of turning up the NM interface triggers some sort of ARP process that results in a reported duplicate address of statically NATed IPs. Does 15.1 suppress this output? Or does it prevent the ARP from being triggered? The need to ARP for the NATs makes sense, but why is it only triggered by an interface "no shut" command, and why only on 12.4?

Error Message:  Jun 26 2015 05:07:59.294 GMT: %IP-4-DUPADDR: Duplicate address on Vlan1234, sourced by 001c.f600.0000

Similar to post:
