
[Unknown Duplicate]%IP-4-DUPADDR: Duplicate address .......

sunsteel7378
Level 1

This question was written using a translator....


That caused the problem device "Catalyst 4500 L3 Switch Software (cat4500e-IPBASE-M), Version 12.2(53)SG2"
topology ----> Backbone switch - L2 switch - AP - device
Users use the DHCP.
Users found the crash happened, 889b.39ff.0789 is a cell phone
To the logs resulting point, you were using utorrent to download the MP3 file.
This problem occurs occasionally.
The user has not manually set the IP.
10.30.24.1 is the gateway

Thank you....


This Log 
Duplicate log
May 19 15:58:36.408: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:00:30.477: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:02:27.139: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:02:59.090: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:03:29.122: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:04:01.050: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:04:33.161: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:05:05.537: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:05:37.761: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:06:09.496: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789
May 19 16:06:41.480: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789


Peter Paluch
Cisco Employee

Hi,

The switch is telling you that the IP address 10.30.24.1 that is configured on the switch is also used by another station in VLAN24. The MAC address of the offending station is 889b.39ff.0789 and according to the public OUI listing at ieee.org, this MAC address belongs to a Samsung-manufactured device. No further information is available.

What you need to do is track the device having the MAC address as mentioned above, and find out why it is using the same IP address as your switch. Most probably, it is misconfigured.

Best regards,
Peter

hi 

Thank you for your response.

889b.39ff.0789 is the DHCP settings..... ;(
Virus possibilities Perhaps ??
I have seen a similar case.

http://itknowledgeexchange.techtarget.com/network-technologies/solution-for-ip-4-dupaddr-duplicate-address-error-log-in-your-cisco-6500-switches-running-hsrp/

This might seem obvious, but you have set 10.30.24.1 to be an excluded address on the DHCP, right?

 

The DHCP server is normal....
Thank you for your help. :)

Hi,

I am not sure if I understand your response correctly. I can interpret your answer in two different ways:

  1. Your DHCP server is using the IP address 10.30.24.1 as its own address
  2. Your DHCP server has assigned the IP address 10.30.24.1 to a client

If the interpretation (1) is correct then your network is badly configured. Your DHCP server must not be using the same IP address as your Cisco switch. In this case, you will need to configure your DHCP server to use a different address as its own address.

If the interpretation (2) is correct then you must verify the configuration of the DHCP server and make sure that the DHCP server does not hand out IP addresses that are already assigned to students. While DHCP servers first try to verify whether a newly-assigned IP address is free, there is no reliable method of doing it. It is possible that your DHCP server was unable to find out (for whatever reason) that 10.30.24.1 was already used, and it assigned it to a client. Your DHCP should have a set of addresses excluded from assignments, covering all addresses that are already assigned.

Best regards,
Peter

Sorry .... I'm using a translator.....

The wireless Internet users more than 10,000 people.
The device is less than 10 may cause problems.
The configuration is normal ....
889b.39ff.0789 is Samsung mobile phones, this device can only issue ...


Thank you for your kind reply.

Hello,

So what you are telling me is that this MAC address belongs to a Samsung mobile phone. That is okay, however, the question remains: How is it possible that your DHCP server assigned an already used IP address to this phone, and even worse, how come that this IP address is the address of the switch (probably the gateway for the other phones)?

There is nothing more I can suggest except what I have stated already. You must first verify the configuration of your DHCP server and make sure that it excludes the IP address 10.30.24.1 from assignments. Your DHCP server does not know that by default; you have to configure it explicitly to avoid assigning this IP address to clients.

Second, if you are absolutely sure that your DHCP server did not assign this IP address to the client (you have to prove this by looking at the DHCP server configuration and also into its binding database and making sure that the offending MAC address is not associated with 10.30.24.1), you should start thinking about using protective measures against malicious attacks caused by address conflicts. There are two primary methods of protection: Use the IP Source Guard combined with DHCP Snooping on your access layer switches to make sure clients can only use the IP address that was assigned to them via DHCP and not any other address, including a statically configured address, or - if you are using a wireless controller - configure it so that it does not allow client access if the client uses a static (that is, non-DHCP) address. Any of these methods will prevent a client whose IP address has not been properly obtained from a DHCP server from accessing the network.

Best regards,
Peter
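
The check described in the reply above (is the offending MAC associated with 10.30.24.1 in the DHCP binding database?) can be scripted. The following is an added example, not part of the original thread: it parses %IP-4-DUPADDR lines and compares each source MAC with an exported lease table. The lease table format, its contents and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Matches %IP-4-DUPADDR lines in the format shown in the thread's log.
DUPADDR = re.compile(
    r"(?P<ts>\w{3}\s+\d+ [\d:.]+): %IP-4-DUPADDR: Duplicate address "
    r"(?P<ip>\d+(?:\.\d+){3}) on (?P<intf>\S+), sourced by "
    r"(?P<mac>[0-9a-f]{4}(?:\.[0-9a-f]{4}){2})", re.I)

def norm_mac(mac):
    """Reduce any common MAC notation to 12 lowercase hex digits."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def triage(log_lines, bindings):
    """Group DUPADDR events by (ip, interface, mac) and classify each group.

    bindings: {mac: leased_ip} exported from the DHCP server (assumed format).
    """
    leases = {norm_mac(m): ip for m, ip in bindings.items()}
    events = defaultdict(list)
    for line in log_lines:
        m = DUPADDR.search(line)
        if m:
            events[(m["ip"], m["intf"], norm_mac(m["mac"]))].append(m["ts"])
    report = []
    for (ip, intf, mac), stamps in sorted(events.items()):
        leased = leases.get(mac)
        if leased == ip:
            # Server handed out the conflicting address: fix the exclusion.
            verdict = "dhcp-assigned: exclude this address on the DHCP server"
        elif leased is None:
            verdict = "no lease for this MAC: address was not obtained via DHCP"
        else:
            verdict = f"lease is {leased}: client uses an address it was not assigned"
        report.append({"ip": ip, "intf": intf, "mac": mac, "count": len(stamps),
                       "first": stamps[0], "last": stamps[-1], "verdict": verdict})
    return report

# Three lines copied from the log in the thread; the bindings are constructed.
SAMPLE_LOG = [
    "May 19 15:58:36.408: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789",
    "May 19 16:00:30.477: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789",
    "May 19 16:02:27.139: %IP-4-DUPADDR: Duplicate address 10.30.24.1 on Vlan24, sourced by 889b.39ff.0789",
]
SAMPLE_BINDINGS = {"88:9B:39:FF:07:89": "10.30.24.57", "00:11:22:33:44:55": "10.30.24.58"}

if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, SAMPLE_BINDINGS):
        print(row)
```

A "dhcp-assigned" verdict points to the missing exclusion on the DHCP server; the other two verdicts are the cases that DHCP Snooping with IP Source Guard is meant to block.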

I think I try to do the protection against attacks.
Thank you very much.
Your answer was very helpful.
Thank you for your kind reply.
