cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
16389
Views
63
Helpful
8
Replies

Nexus 5548 - %ARP-3-DUP_SRCIP_PROBE: Duplicate address Detected

dmarekatc
Level 1
Level 1

Hello.

Looking for some assistance on the following please, I'll try to include a lot of detail:

I noticed we're receiving repeating messages on a pair of Nexus 5548UP switches, regarding duplicate IP's, and the IP's in question are the mgmt0 of each respective Nexus switch; which are connected to each other and uplinked to two 3750X switches which are also linked to each other (not as a stack, with optics).

Here is a sample of the syslog message:  %ARP-3-DUP_SRCIP_PROBE:  arp [####]  Duplicate address Detected. Probe  packet received from zzzz.zzzz.zzzz on mgmt0 with destination set to our local ip, xxx.xxx.xxx.xxx

And in ascii art, here is a diagram:  SW1&2 are 3750X (running 15.x code) and NX1&2 are Nexus 5548UP (running 6.x code)

SW1---SW2

|           |

NX1---NX2

Pretty basic box/"ring", just in case the diagram doesn't format well, with rapid spanning-tree in effect.  The Nexus are Layer2 only, and the 3750X's are Layer 2 & 3 /w HSRP on a few SVI's in them.  All vlans can pass over the connecting trunks.  And on the Nexus, the management interface (mgmt0) is connected to 3750X (NX1 to SW1 and NX2 to SW2); e.g. management is done over this vrf interface, versus it flowing through a trunk interface to a SVI on the Nexus.

I know these messages to be erroneous as far an being actual duplicate IP's on the network, and have seen a few posts that indicate a command ("no ip arp gratuitous hsrp duplicate") typically referencing a Nexus 7000 setup has helped, but obviously as described that's not involved here.  Note: Placing that command on the mgmt0 interface of the two nexus had no positive effect.  The messages didn't start showing until after HSRP was enabled on the applicable 3750X SVI's - so seems a likely correlation.

Essentially looking to clear this up (ideally) or suppress the messages since they're false.  Any ideas?

Thanks!

8 Replies 8

Marvin Rhoads
Hall of Fame
Hall of Fame

Brave of you to run the 5k 6.x release - first one I've seen "in the wild".

Just a guess - but have you enabled "ip arp synchronize" under your VPC configuration? Reference.

Thanks for the response Marvin.

There's no VPC involved in this instance - these nexus switches are being used as access switches essentially for 10Gb connectivity for client ports, and are more acting as traditional switches in terms of features.

dmarekatc
Level 1
Level 1

For those encountering this same issue, here is some information that may lead you to a resolve.

I decided to open a TAC case to get some direct assistance, and I was directed to the 3750X's and a new feature in the 15.x code, "ip device tracking".  I was directed to remove that without specific details / steps on how to best do it (e.g. "no ip device tracking" does not remove it from the global config, as of 15.2(1)E anyway and is the most current at the time of this posting), and that didn't take, giving the message: % IP device tracking is disabled at the interface level by removing the relevant configs.  However, after doing some research on the command, I can across some similar posts on 15.x code and duplicate IP messages.... Here's two posts I referenced:

https://supportforums.cisco.com/thread/2244042

https://supportforums.cisco.com/thread/2239656

I opted for the "no macro auto monitor" command in the 3750X's in global config, as mentioned in the above post(s) - This did stop the messages from occurring in the Nexus switches.  IMPORTANT NOTE:  I noticed that it did appear to bounce all the switch ports however, which could impact production - Be advised!

I cannot speak to if the interface level command 'nmsp attach suppress' is a better route to go, which is also referenced in the posts (first one primarily) - I went the other route to not have all the extra config line entries.  I have asked Cisco what the true impact of the "no macro auto monitor" command is, and am waiting a response - Ideally there's little to none, probably depending on if you want to make use of device tracking or not... in my case, I suspect I don't have a need for this and thus there's no impact - I shall see.

It would be ideal if code is released to disable this service / feature in the future more gracefully and/or code changes are done to remedy this issue so you can have the feature enabled (or not).  I akin this much like the "vstack" service that was introduced around 12.2(55/58)SE IOS that couldn't be disabled & left an open TCP port (not good for security scans), then with 12.2(58)SE2 they allowed it to be disabled (e.g. "no vstack" in global config).

Hopefully these details prove of value.

Regards.

      

NOTE:  Since it doesn't seem you can"answer" your own posts, which seems silly; please note I consider this item resolved / answered.

We upgraded our N7K last night to 6.2(2a) and seeing the same messages in our logs from one 2960S over 10Gb. The fix was to add the following to the 10Gb uplink on the 2960S:

conf t

int t1/0/1

ip device tracking maximum 0

None of the other fixes worked for us. We only had one switch affected out of the approx 30 2960s we have in production. All were recently upgraded to 15.2-1.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

Thanks for posting your resolution. +5

Jason Gauruder
Level 1
Level 1

We upgraded our N7k to 6.2(2a) just this week for a eigrp route tagging fix and started seeing this message.  The workaround was to disable the device tracking on our 4506-R switches 10G trunk uplinks using "ip device tracking maximum 0".  those 4506-R are running 15.2(1) - have the ip device tracking feature enabled and can only be disabled per interface (so disabling on its trunk uplinks did the trick).

the 4506-R SVI we use for management access and N7k mgmt0  interface are in the same vlan.  so, the device tracking feature from the 4506-R was tickling the N7k and causing it log that message over and over and over.  

situwayne
Level 1
Level 1

I have the same issue.  found this bug ID CSCud96554

Symptom:
Following error messages shown in the logs

%ARP-3-DUP_VADDR_SRC_IP_PROBE: arp [5438] Duplicate address Detected. Probe packet received from xxxx.xxxx.xxxx on VlanX(EthernetX/Y) with destination set to our local Virtual ip, x.x.x.x
%ARP-3-DUP_SRCIP_PROBE: arp [3245] Duplicate address Detected. Probe packet received from xxxx.xxxx.xxxx on Vlan1 with destination set to our local ip, .x.x.x.x

Conditions:
There is IOS device configured with feature IP Device Tracking connected to Nexus Series.

Workaround:
Reduce the logging level 2 for arp 'logging level arp 2' on Nexus

Or

Disable IP device tracking feature on the IOS device if not being used.

The error message "%ARP-3-DUP_SRC_IP_PROBE" is triggered when Nexus switches are connected to IOS devices with "ip device tracking" enabled.

Check the bug ID - CSCud96554

Symptom:
Following error messages shown in the logs

%ARP-3-DUP_VADDR_SRC_IP_PROBE: arp [5438] Duplicate address Detected. Probe packet received from xxxx.xxxx.xxxx on VlanX(EthernetX/Y) with destination set to our local Virtual ip, x.x.x.x

%ARP-3-DUP_SRCIP_PROBE: arp [3245] Duplicate address Detected. Probe packet received from xxxx.xxxx.xxxx on Vlan1 with destination set to our local ip, .x.x.x.x

Conditions:

There is IOS device configured with feature IP Device Tracking connected to Nexus Series.

Workaround:

Reduce the logging level 2 for arp 'logging level arp 2' on Nexus

Or

Disable IP device tracking feature on the IOS device if not being used.

--------------------------------------------------------------------------------------------------------------------------------------------------

If this posts answers your question or is helpful, please consider rating it and/or marking as answered.

---------------------------------------------------------------------------------------------------------------------------------------------------

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: