07-22-2015 03:25 AM - edited 03-08-2019 01:03 AM
It seems that a Cisco network switch upgrade (from a 2950 to a 3650) has plagued the operation's Allen Bradley PLCs with faults (1756-ENBT’s are showing Duplicate IP Address errors, although there are no duplicate IP addresses present). Additionally, if the patch cable that connects the switches in the operation to the newly upgraded switch on the network backbone, the same issue occurs. I am fairly sure that it has something to do with the new switch configurations. I’ve pasted one of the new switch configurations below. Can anyone help point me in the right direction to troubleshoot and resolve?
Thanks in advance.
Item | Action | Command | Note |
|
|
|
|
1 | Set VTP Mode | Vtp mode transparent |
|
2 | Create Vlan 221 | Vlan 221 Name Operations 2 |
|
3 | Configure Spanning Tree Mode | Spanning-tree mode PVST |
|
4 | Shutdown Interface Vlan 1 | Interface Vlan 1 Shutdown |
|
5 | Create Interface Vlan 221 | Interface Vlan 221 Ip address 192.168.1.32 255.255.255.0 No shut |
|
6 | Set Default-gateway | Ip default-gateway 192.168.1.50 |
|
7 | Configure Ports for Operations Field Devices | Interface range gig 1/0/1 – 22 Switchport Switchport mode access Switchport access vlan 221 Power inline never Spanning-tree portfast No shut |
|
8 | Configure port for Operations Switch to switch Connection | Interface Gig 1/0/23 Descrip Operations Switch 2 | Gi 1/0/23 Switchport Switchport nonegotiate Switchport mode trunk No shut
|
|
9 | Configure port for IT network Interface | Interface Gig 1/0/24 Switchport Switchport mode access Switchport nonegotiate Switchport access vlan 221 No shut |
|
07-22-2015 03:48 AM
Can anyone help point me in the right direction to troubleshoot and resolve?
Post the complete error message stating the duplicate IP address. I am particularly curious to know the two (or more) MAC address sharing the same IP address.
07-22-2015 12:06 PM
The error across the card shows "Duplicate IP Address : IP ADDRESS : MAC ADDRESS"
(with the upper case being the ip address and the mac address of the card itself).
The static Ip/MAC Addresses of the 1756-ENBT cards that the Controllogix 5562 PLCs are using consist of:
PLC 21B - 192.168.32.20 - 00-00-BC-3B-2E-ED
PLC 21A - 192.168.32.21 - 00-00-BC-3B-2E-38
PLC 22A - 192.168.32.22 - 00-00-BC-3B-2D-9B
PLC 22B - 192.168.32.23 - 00-00-BC-3B-2C-A6
Thanks for any insight you can provide.
07-22-2015 02:26 PM
The error has to do with ip tracking which is enabled by default on some of the newer versions of code...either disable global or issue the nmsp attachment suppress command on the port the plc is attached.
07-22-2015 09:01 PM
Thank you for your help / reply. I was directed to a Rockwell Automation knowledgebase article that spelled it out for me, as well as the workarounds:
568750 False Duplicate IP detection on Ethernet modules when used with Cisco switches
Problem
When Rockwell Automation EtherNet/IP modules are connected to a subnet containing Cisco switches with "IP device tracking" (IPDT) enabled, the modules may go into a
duplicate IP address state after a restart/reset.
Environment
Any layer two networks that contain both Rockwell Automation EtherNet/IP modules and Cisco switches running IPDT.
IPDT is much more likely to be implemented on Cisco switches as of August, 2013 because of a behavior change which enables this command if any feature which
requires it is enabled.
This behavior change also removes the ability to turn off IPDT without first turning off any features which require IPDT.
The Stratix line of switches will not have “IP device tracking” enabled by default until a permanent solution is in place.
Cause
The IPDT feature sends probe ARP packets with a source IP address of 0.0.0.0., the source MAC ID of the switch, and the target IP and MAC ID for the device being probed
to check that it is still connected and responsive.
When a device becomes disconnected, and then is reconnected within the configurable IPDT timeout period, probe ARP packets may be received by a Logix Ethernet
module at the same time as it is in its Address Conflict Detection mechanism. If this happens, the EtherNet/IP module will immediately go into a duplicate IP state, and
stop communicating.
IPDT when activated on a Cisco switch will try to probe for every IP connected on the subnet, regardless of whether it is connected to that switch or not.
Testing has shown that this affects the majority of Ethernet modules sold by Rockwell Automation.
Solution
Cisco is continually updating the latest workarounds.
Here is a link to Cisco’s technote:
http://www.cisco.com/c/en/us/support/docs/ip/addressresolutionprotocolarp/
118630technoteipdt00.
html
Workaround
Several workarounds to this issue exist. They all make suggestions using Cisco IOS commandline
interface commands.
Workaround 1
Architect manufacturing zone subnets such that:
1. IPDT is explicitly disabled on every trunk port with the following command:
Hostname (configif)#
ip device tracking maximum 0
2. IPDT probe delay is manually configured on any access port connected to a Rockwell Automation Ethernet module with the following command:
Hostname (config)# ip device tracking probe delay 10
Workaround 2
If the switch in question has an administration IP (SVI) configured on the subnet/VLAN in question the Cisco CLI command:
Hostname (config)# ip device tracking probe usesvi
will insert the administration IP into the source IP in the IPDT packet. This packet will not impact Address Conflict Detection operation.
Workaround 3
Disable IPDT on any Cisco switch ports with IPDT enabled that subsequently connect to a Rockwell Automation Ethernet module with the following command:
Hostname (configif)#
ip device tracking maximum 0
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide