HPE Community
Operating System - Linux
1752790 Members
6079 Online
108789 Solutions
New Discussion юеВ

How to find/locate offending duplicate IP machine

 
SOLVED
Go to solution
IT Csar
Occasional Advisor

тАО10-12-2009 03:39 PM

тАО10-12-2009 03:39 PM

How to find/locate offending duplicate IP machine

I have about 40-50 servers, 150 notebook/desktop and 10 switches in our company. Once or twice a day, monitoring software sends me alarm regarding duplicate IP (of our NIS/DHCP server). I was able to capture MAC address of the offender, but vendor name is not useful since 90% of our equipment comes from them.

Since it is a production server, solution involving network shutdowns and other drastic actions are not acceptable.

Thanks and looking forward for your words of wisdom.

Oleg B
0 Kudos
Reply
2 REPLIES 2
Ivan Krastev
Honored Contributor

тАО10-12-2009 04:05 PM

тАО10-12-2009 04:05 PM

Re: How to find/locate offending duplicate IP machine

Be prepared when this happens again to log on to the switches and check mac address tables.
Another way is to configure all switches to send syslogs to central server.

regards,
ivan
0 Kudos
Reply
Matti_Kurkela
Honored Contributor

тАО10-13-2009 06:31 AM

тАО10-13-2009 06:31 AM

Solution

Re: How to find/locate offending duplicate IP machine

Depending on features available in your switches, you could perhaps use a more proactive strategy.

First, inform your helpdesk/PC support people that someone is using a wrong IP address, that it's causing trouble to other users, and that you're going to disable the offender's network access until the problem is fixed.

In the switches' ARP tables, associate the offender's MAC permanently with a totally non-functional IP address, such as 127.66.66.66. Do this in all switches,

Alternatively, if your switches have MAC address based ACLs, use them to deny all access for the offending MAC.

Test these strategies first, targetting a known test system whose behaviour you can monitor.
Prepare a way to undo your changes quickly, in case it turns out that the offender is the CEO :-)

Then wait for the offender to make itself known, probably by complaining that his system suddenly cannot connect to any network service within the company...

MK
MK
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.