Port Security and Duplicate IPs

xcz504d1114
Level 4

I'm trying to track down the logic for this, any help would be appreciated.

For reference, Computer A is attached to Switch A, Computer B is attached to Switch B. Both computers have the same IP address assigned, one obtained through DHCP, the other erroneously statically set.

Port-security is triggered on Switch A because the maximum MAC count on the port had been reached. The MAC address that triggered this event belongs to Computer B attached to Switch B.

How did a computer attached to Switch B trigger a port-security event on Switch A based on a duplicate IP address?

The closest answer I have so far is based on the gratuitous ARP that Windows uses to detect duplicate IP addresses, but that doesn't explain to me how a frame with the source MAC address of Computer B originated from Computer A's port.

Thanks in advance,

Craig

1 Reply 1

xcz504d1114
Level 4

Answered my own question: gratuitous ARPs are sent out by Windows to detect if there is already a machine with that IP on the network. It then sends out another gratuitous ARP with a spoofed MAC address of the original machine's MAC to correct the ARP tables of any other devices that might have received the original g-ARP.
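
As an added example (not part of the original thread): a small offline check for the situation discussed here, which parses raw ARP frames and reports gratuitous ARPs, an IP address claimed by more than one MAC, and frames whose Ethernet source differs from the ARP sender hardware address. The MACs, the IP, the frames and the function names are constructed for this example.

```python
import struct
from collections import defaultdict

def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_arp(frame):
    """Return ARP fields of a raw Ethernet frame, or None if it is not IPv4/Ethernet ARP."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    dotted = lambda b: ".".join(map(str, b))
    return {"eth_src": mac(frame[6:12]), "oper": oper, "sha": mac(frame[22:28]),
            "spa": dotted(frame[28:32]), "tpa": dotted(frame[38:42])}

def analyze(frames):
    """Return (findings, duplicates) for a list of raw frames."""
    findings, claims = [], defaultdict(set)
    for i, raw in enumerate(frames):
        arp = parse_arp(raw)
        if arp is None:
            continue
        if arp["spa"] == arp["tpa"]:          # gratuitous: sender IP == target IP
            findings.append((i, "gratuitous", arp["spa"], arp["sha"]))
        if arp["eth_src"] != arp["sha"]:      # L2 source disagrees with ARP sender MAC
            findings.append((i, "src-mismatch", arp["eth_src"], arp["sha"]))
        if arp["spa"] != "0.0.0.0":           # ARP probes carry no sender IP claim
            claims[arp["spa"]].add(arp["sha"])
    duplicates = {addr: sorted(m) for addr, m in claims.items() if len(m) > 1}
    return findings, duplicates

def build(eth_src, sha, addr, oper=1):
    """Construct a broadcast gratuitous ARP frame (sample data for this example only)."""
    m = lambda s: bytes.fromhex(s.replace(":", ""))
    a = bytes(int(x) for x in addr.split("."))
    hdr = struct.pack("!HHHBBH", 0x0806, 1, 0x0800, 6, 4, oper)
    return b"\xff" * 6 + m(eth_src) + hdr + m(sha) + a + bytes(6) + a

# Constructed sample values: locally administered MACs and a documentation-range IP.
MAC_A, MAC_B, IP = "02:00:00:00:00:0a", "02:00:00:00:00:0b", "192.0.2.10"
SAMPLE = [build(MAC_B, MAC_B, IP),   # Computer B announces the address
          build(MAC_A, MAC_A, IP),   # Computer A announces the same address
          build(MAC_A, MAC_B, IP)]   # ARP sender field names the other host's MAC

if __name__ == "__main__":
    for finding in analyze(SAMPLE)[0]:
        print(finding)
    print(analyze(SAMPLE)[1])
```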
