- Community Home
- >
- Servers and Operating Systems
- >
- Operating Systems
- >
- Operating System - Linux
- >
- How to find/locate offending duplicate IP machine
Operating System - Linux
1752790
Members
6079
Online
108789
Solutions
Forums
Categories
Company
Local Language
юдл
back
Forums
Discussions
Forums
- Data Protection and Retention
- Entry Storage Systems
- Legacy
- Midrange and Enterprise Storage
- Storage Networking
- HPE Nimble Storage
Discussions
Discussions
Discussions
Forums
Forums
Discussions
юдл
back
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
- BladeSystem Infrastructure and Application Solutions
- Appliance Servers
- Alpha Servers
- BackOffice Products
- Internet Products
- HPE 9000 and HPE e3000 Servers
- Networking
- Netservers
- Secure OS Software for Linux
- Server Management (Insight Manager 7)
- Windows Server 2003
- Operating System - Tru64 Unix
- ProLiant Deployment and Provisioning
- Linux-Based Community / Regional
- Microsoft System Center Integration
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Discussion Boards
Blogs
Information
Community
Resources
Community Language
Language
Forums
Blogs
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-12-2009 03:39 PM
тАО10-12-2009 03:39 PM
I have about 40-50 servers, 150 notebook/desktop and 10 switches in our company. Once or twice a day, monitoring software sends me alarm regarding duplicate IP (of our NIS/DHCP server). I was able to capture MAC address of the offender, but vendor name is not useful since 90% of our equipment comes from them.
Since it is a production server, solution involving network shutdowns and other drastic actions are not acceptable.
Thanks and looking forward for your words of wisdom.
Oleg B
Since it is a production server, solution involving network shutdowns and other drastic actions are not acceptable.
Thanks and looking forward for your words of wisdom.
Oleg B
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-12-2009 04:05 PM
тАО10-12-2009 04:05 PM
Re: How to find/locate offending duplicate IP machine
Be prepared when this happens again to log on to the switches and check mac address tables.
Another way is to configure all switches to send syslogs to central server.
regards,
ivan
Another way is to configure all switches to send syslogs to central server.
regards,
ivan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
тАО10-13-2009 06:31 AM
тАО10-13-2009 06:31 AM
Solution
Depending on features available in your switches, you could perhaps use a more proactive strategy.
First, inform your helpdesk/PC support people that someone is using a wrong IP address, that it's causing trouble to other users, and that you're going to disable the offender's network access until the problem is fixed.
In the switches' ARP tables, associate the offender's MAC permanently with a totally non-functional IP address, such as 127.66.66.66. Do this in all switches,
Alternatively, if your switches have MAC address based ACLs, use them to deny all access for the offending MAC.
Test these strategies first, targetting a known test system whose behaviour you can monitor.
Prepare a way to undo your changes quickly, in case it turns out that the offender is the CEO :-)
Then wait for the offender to make itself known, probably by complaining that his system suddenly cannot connect to any network service within the company...
MK
First, inform your helpdesk/PC support people that someone is using a wrong IP address, that it's causing trouble to other users, and that you're going to disable the offender's network access until the problem is fixed.
In the switches' ARP tables, associate the offender's MAC permanently with a totally non-functional IP address, such as 127.66.66.66. Do this in all switches,
Alternatively, if your switches have MAC address based ACLs, use them to deny all access for the offending MAC.
Test these strategies first, targetting a known test system whose behaviour you can monitor.
Prepare a way to undo your changes quickly, in case it turns out that the offender is the CEO :-)
Then wait for the offender to make itself known, probably by complaining that his system suddenly cannot connect to any network service within the company...
MK
MK
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
News and Events
Support
© Copyright 2024 Hewlett Packard Enterprise Development LP