
Duplicate Source IP on VLAN

F3nrir
Level 1

I'm currently stumped by this one. Every so often I'm getting these logs on one of my Nexus 9k VPC pair. Is this indicative of a loop? I've been combing the forums on this and can't seem to find a concrete answer.

 

XXXXXX %ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanX(port-channel1) is duplicate of local, X.X.X.X
XXXXXX %ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanY(port-channel51) is duplicate of local, X.X.X.X
XXXXXX %ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanX(port-channel1) is duplicate of local, X.X.X.X
4 Replies

Giuseppe Larosa
Hall of Fame

Hello F3nrir,

you may be facing some L2 issues here.

Is the listed MAC address used by the local switch?

>>

ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanX(port-channel1) is duplicate of local, X.X.X.X

 

If so, the switch is receiving back some packets, likely an ARP request that is sent as a broadcast.

This is the sign of a temporary bridging loop, because in a loop-free topology broadcast frames are flooded to all ports in the VLAN but they do not come back.

However, you have two Nexus 9k deployed in a pair with vPC. So perform all consistency checks on vPCs.

Verify STP activity in the network.

 

Hope to help

Giuseppe

 

Hi @Giuseppe Larosa thank you for your reply.

 

The MAC address is not on the local switch, that is why I am very confused. Po1 is the VPC peer link so I checked the peer as well and it does have this MAC address either...

 

Will do my consistency checks now.

Matt Delony
Cisco Employee

Hello F3nrir,

 

The error is indicating that the "Sender protocol address" of the ARP traffic was the same as the IP address configured on the Nexus 9k VPC pair. If the MAC address it specified does not belong to the Nexus, then it can indicate possible ARP spoofing from another host in the same VLAN as listed in the error message. The listed MAC address would be the source MAC of the ARP traffic.

 

I looked up the vendor OUI, but I can't find an entry for it. See if you can track down where this MAC address is located.

 

Also, I have seen the IP device tracking ARP probe config on Catalyst C3650/C3850/C9k switches unintentionally spoof the gateway address. Check if you have any of these model switches with config like: "ip device tracking probe auto-source fallback 0.0.0.1 255.255.255.0 override" (reference).

Hi @Matt Delony Thanks for your reply,

 

I'm going to see what I can track down. The other port-channel is connecting to a blade chassis; I'm going to look into that as well. Will let you know if I have an update. Thanks!
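
A triage helper for the %ARP-2-DUP_SRC_IP messages discussed in this thread, added here as an example and not code from any of the posters or from Cisco. It groups the events by sender MAC, decodes the MAC's flag bits (a locally administered address is not drawn from a vendor OUI block, so an OUI lookup returns nothing) and lists the non-peer-link ports to start tracing from. The function names and the `peer_link` parameter are assumptions; the default reflects the statement above that Po1 is the vPC peer link.

```python
import re
from collections import defaultdict

# The three log lines from the question, as posted (hostname, VLAN and IP redacted).
SAMPLE_LOG = """\
XXXXXX %ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanX(port-channel1) is duplicate of local, X.X.X.X
XXXXXX %ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanY(port-channel51) is duplicate of local, X.X.X.X
XXXXXX %ARP-2-DUP_SRC_IP:  arp [27343]  Source address of packet received from ee51.c59b.a314 on VlanX(port-channel1) is duplicate of local, X.X.X.X
"""

DUP_RE = re.compile(
    r"%ARP-2-DUP_SRC_IP:.*?received from (?P<mac>(?:[0-9a-f]{4}\.){2}[0-9a-f]{4}) "
    r"on (?P<vlan>Vlan\w+)\((?P<port>[^)]+)\) is duplicate of local, (?P<ip>\S+)",
    re.IGNORECASE,
)

def mac_flags(mac):
    """Decode the two flag bits in the first octet of a Cisco dotted MAC."""
    first_octet = int(mac.replace(".", "")[:2], 16)
    return {
        "locally_administered": bool(first_octet & 0x02),  # not from a vendor OUI block
        "multicast": bool(first_octet & 0x01),  # group bit; invalid as a source MAC
    }

def summarize(log_text, peer_link="port-channel1"):
    """Group DUP_SRC_IP events by sender MAC (peer_link is an assumed parameter)."""
    seen = defaultdict(lambda: {"count": 0, "vlans": set(), "ports": set(), "ips": set()})
    for m in DUP_RE.finditer(log_text):  # unrelated syslog lines simply do not match
        entry = seen[m["mac"].lower()]
        entry["count"] += 1
        entry["vlans"].add(m["vlan"])
        entry["ports"].add(m["port"])
        entry["ips"].add(m["ip"])
    report = {}
    for mac, e in seen.items():
        report[mac] = {
            "count": e["count"],
            "vlans": sorted(e["vlans"]),
            "ports": sorted(e["ports"]),
            "claimed_ips": sorted(e["ips"]),
            # Frames seen on the peer link were forwarded by the vPC peer, so the
            # remaining ports are where to start tracing the MAC.
            "trace_from": sorted(e["ports"] - {peer_link}),
            **mac_flags(mac),
        }
    return report

if __name__ == "__main__":
    for mac, info in summarize(SAMPLE_LOG).items():
        print(mac, info)
```

On the lines from the question this reports one sender MAC seen in two VLANs, with the locally administered bit set and port-channel51 as the only non-peer-link ingress.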