ISE/802.1x - IP Conflict at 0.0.0.0?

ryan.lambert
Level 1

Has anyone seen this issue?

We have Windows 7 clients running 802.1x that will pop up a message in the eventlog that there is an IP conflict with 0.0.0.0. This seems to cause an infinite loop of DHCP NACK and BAD_ADDRESS in the scope.

I am on code 1.1.1.268.

Thanks in advance.

-Ryan


ryan.lambert
Level 1

As an aside, I know this seems on the surface to be a "Win 7 issue", but it's only running 802.1x. If I turn authentication off on the port, all is well.

Is this on wired? If so, what switch and version are you using? I have seen this on the 4500s.

Here is an article that will help:

http://networkingblog.vvlabs.com/2012/07/cisco-ise-duplicate-ip-address-windows-7.html

Thanks,

Tarik Admani
*Please rate helpful posts*

Tarik,

Thanks for the info.

I'm running wired. My switch is a Cisco Catalyst 2960 on code version 12.2(58)SE2. This article seems like it might be exactly what I'm looking for... I have the "interval" option instead of "delay".

Hello, I have the same issue, only on a Windows 7 computer (all other computers are Windows 7, Windows XP and are working fine).

Switches: 3750-X in version 15.0.1.SE2

dot1x activated on switches, not on computer.

Sometimes a duplicate IP 0.0.0.0 message appears on the W7 computer, and it is not able to communicate after that, even though it has a FIXED IP.

This is not a real duplicate IP; the MAC that has taken the IP 0.0.0.0 is a4:4c:11:44:xx:xx (seems to be a Cisco switch ....)

I have found at: http://www.cisco.com/en/US/partner/docs/switches/lan/catalyst3750x_3560x/software/release/15.0_1_se/command/reference/cli1.html#wp9596478

that

The ARP probe default source IP address is the Layer 3 interface and 0.0.0.0 for switchports.

Since I have no IP for the user VLAN on the 3750-X switch where IP device tracking is done, I assume this 0.0.0.0 IP is seen because of ARP probe requests sent by the switch ....

But we don't have the ip device tracking probe delay parameter on 3750 switches ... only seen on 4500

If anyone can confirm that ...

Perhaps adding an IP in the user VLAN could be a workaround, as it won't use the 0.0.0.0 IP for ARP probes?

This message was edited by: Guillaume BARBEROT
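
The ARP probes discussed in the post above, as an added example that is not part of the original thread: a Python sketch that parses an Ethernet/ARP frame and separates a host's own duplicate-address-detection probe from a probe for the host's address sent by another device (such as a switch doing IP device tracking), which RFC 5227 tells a probing host to treat as a conflict. The MAC and IP values and all function names are constructed for illustration.

```python
import socket
import struct

ETH_ARP, ARP_REQUEST = 0x0806, 1

def _raw(mac):
    return bytes.fromhex(mac.replace(":", ""))

def build_arp_request(src_mac, spa, tpa, dst_mac="ff:ff:ff:ff:ff:ff"):
    """Build an untagged Ethernet/ARP request (used only to make sample frames)."""
    eth = _raw(dst_mac) + _raw(src_mac) + struct.pack("!H", ETH_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, ARP_REQUEST)
    return eth + arp + _raw(src_mac) + socket.inet_aton(spa) + bytes(6) + socket.inet_aton(tpa)

def parse_arp(frame):
    """Return the IPv4-over-Ethernet ARP fields of a frame, or None if it is not ARP."""
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_ARP:
        return None
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        return None
    sha, spa, _tha, tpa = struct.unpack("!6s4s6s4s", frame[22:42])
    return {"op": op, "sha": sha.hex(":"), "spa": socket.inet_ntoa(spa),
            "tpa": socket.inet_ntoa(tpa)}

def classify(frame, host_mac, host_ip):
    """Classify a frame as seen by the host that owns host_mac / host_ip."""
    arp = parse_arp(frame)
    # An ARP probe is a request whose sender IP is 0.0.0.0 (RFC 5227).
    if arp is None or arp["op"] != ARP_REQUEST or arp["spa"] != "0.0.0.0":
        return "not-a-probe"
    if arp["sha"] == host_mac.lower():
        return "own-dad-probe"
    # Probe from another MAC for our address: what the host reports as a
    # conflict with 0.0.0.0 if it arrives while the host is still probing.
    if arp["tpa"] == host_ip:
        return "foreign-probe-for-host-ip"
    return "foreign-probe-other"

# Constructed sample values (documentation IP range, locally administered MACs).
HOST_MAC, HOST_IP = "02:00:00:00:00:02", "192.0.2.10"
SWITCH_MAC = "02:00:00:00:00:01"
SAMPLES = {
    "switch probe": build_arp_request(SWITCH_MAC, "0.0.0.0", HOST_IP, HOST_MAC),
    "host DAD probe": build_arp_request(HOST_MAC, "0.0.0.0", HOST_IP),
    "normal request": build_arp_request(SWITCH_MAC, "192.0.2.1", HOST_IP),
}

if __name__ == "__main__":
    for name, frame in SAMPLES.items():
        print(f"{name}: {classify(frame, HOST_MAC, HOST_IP)}")
```
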

I have a 4500 switch with IP address in user VLAN but we still had this issue. So my answer to your idea would be no, but you can try it.

Additionally, I have DAI enabled, and duplicate IP address was one thing and a lot of messages from DAI is another

%SW_DAI-4-DHCP_SNOOPING_DENY: 1 Invalid ARPs (Req) on Gi4/21, vlan 1.([0023.180a.4d91/10.186.232.130/0000.0000.0000/10.186.232.2/10:02:36 UTC Fri Feb 1 2013])

Now I'm testing the delay option.

What was surprising for me is that there was no "duplicate ..." popup when we used AnyConnect as 802.1x supplicant.

regards

Thanks for your update about using 4500 with IP in the VLAN.

Are you using the parameter "delay" for ARP probes?

The one which is unavailable on my 3750-X, something like:

switch(config)#ip device tracking probe delay 5

On the computer, do you get the "IP conflict" box from Windows 7?

I managed to view this kind of event also in the system logs viewer on Windows.

When we get this popup, the computer cannot communicate on the network, because Windows is putting the network card in a special state as it has seen a duplicate IP: ipconfig /release and renew cleared the problem ... until next time!

Your info about the AnyConnect supplicant is interesting ... I don't know if the supplicant is catching all network traffic (ARP/DHCP) and if it could intercept this kind of ARP probes from Cisco switches ... I doubt it, but as the supplicant is aware of the IP address of the network card ...

Regards,

Guillaume

I've just turned the delay on - so yes now we are using it.

On the Win7 PC we could see the popup about IP duplicate address but only for a moment; after a while (a few seconds) everything was OK. (The same on the switch: a few DAI logs and then OK.)

I don't believe that the supplicant is catching that traffic; rather it is delaying the ARP request when the DHCP conflict detection phase was used, and unfortunately it was the same time when the switch was sending ARP probes. (Without the 802.1x feature everything was just fine.)

Probably when using AnyConnect the delay was a bit different and no such issue was seen - it's only a guess.

Anyconnect was tried for a short while before "device tracking delay" was turned on so to be sure about it, it should be tested for a bit longer.

regards

Przemek

Is it possible to resolve by using "ip device tracking probe use-svi" command on 3750x switches?

Yes this resolved the problem on my network. I have (7) 3750x switch stacks. Make sure you apply this command to all switch stacks connected to the same vlan or the problem will continue to occur.

Did it work?

Hello, just to point out this link:

http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html

"Duplicate IP Address 0.0.0.0 Error Message Troubleshoot"

no magic solution ...

last solution proposed is : "The final method described in this document is to disable duplicate-address detection on the client-side."

 

enjoy !

abwahid
Level 4

Hi,

Go through the link below for the exact answer to your query.

http://social.technet.microsoft.com/Forums/windowsserver/en-US/cb55cef4-773c-4f76-9764-1e591b9ba201/ip-conflict-with-0000-using-dot1x
