Skip to ContentSkip to Footer
Start of content
- Community Home
- >
- Servers and Operating Systems
- >
- Operating System - Linux
- >
- System Administration
- >
- How to find/locate offending duplicate IP machine
System Administration
-
- Forums
-
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
- HPE Blog, Austria, Germany & Switzerland
- Blog HPE, France
- HPE Blog, Italy
- HPE Blog, Japan
- HPE Blog, Middle East
- HPE Blog, Latin America
- HPE Blog, Russia
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
-
Blogs
- Advancing Life & Work
- Advantage EX
- Alliances
- Around the Storage Block
- HPE Blog, Latin America
- HPE Blog, Middle East
- HPE Blog, Saudi Arabia
- HPE Blog, South Africa
- HPE Blog, UK & Ireland
- HPE Ezmeral: Uncut
- OEM Solutions
- Servers & Systems: The Right Compute
- Tech Insights
- The Cloud Experience Everywhere
-
Information
- Community
- Welcome
- Getting Started
- FAQ
- Ranking Overview
- Rules of Participation
- Tips and Tricks
- Resources
- Announcements
- Email us
- Feedback
- Information Libraries
- Integrated Systems
- Networking
- Servers
- Storage
- Other HPE Sites
- Support Center
- Aruba Airheads Community
- Enterprise.nxt
- HPE Dev Community
- Cloud28+ Community
- Marketplace
-
Forums
-
Blogs
-
Information
-
English
Go to solution
Topic Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Printer Friendly Page
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-12-2009 03:39 PM
10-12-2009 03:39 PM
I have about 40-50 servers, 150 notebook/desktop and 10 switches in our company. Once or twice a day, monitoring software sends me alarm regarding duplicate IP (of our NIS/DHCP server). I was able to capture MAC address of the offender, but vendor name is not useful since 90% of our equipment comes from them.
Since it is a production server, solution involving network shutdowns and other drastic actions are not acceptable.
Thanks and looking forward for your words of wisdom.
Oleg B
Since it is a production server, solution involving network shutdowns and other drastic actions are not acceptable.
Thanks and looking forward for your words of wisdom.
Oleg B
Solved! Go to Solution.
2 REPLIES 2
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-12-2009 04:05 PM
10-12-2009 04:05 PM
Re: How to find/locate offending duplicate IP machine
Be prepared when this happens again to log on to the switches and check mac address tables.
Another way is to configure all switches to send syslogs to central server.
regards,
ivan
Another way is to configure all switches to send syslogs to central server.
regards,
ivan
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
10-13-2009 06:31 AM
10-13-2009 06:31 AM
Solution
Depending on features available in your switches, you could perhaps use a more proactive strategy.
First, inform your helpdesk/PC support people that someone is using a wrong IP address, that it's causing trouble to other users, and that you're going to disable the offender's network access until the problem is fixed.
In the switches' ARP tables, associate the offender's MAC permanently with a totally non-functional IP address, such as 127.66.66.66. Do this in all switches,
Alternatively, if your switches have MAC address based ACLs, use them to deny all access for the offending MAC.
Test these strategies first, targetting a known test system whose behaviour you can monitor.
Prepare a way to undo your changes quickly, in case it turns out that the offender is the CEO :-)
Then wait for the offender to make itself known, probably by complaining that his system suddenly cannot connect to any network service within the company...
MK
First, inform your helpdesk/PC support people that someone is using a wrong IP address, that it's causing trouble to other users, and that you're going to disable the offender's network access until the problem is fixed.
In the switches' ARP tables, associate the offender's MAC permanently with a totally non-functional IP address, such as 127.66.66.66. Do this in all switches,
Alternatively, if your switches have MAC address based ACLs, use them to deny all access for the offending MAC.
Test these strategies first, targetting a known test system whose behaviour you can monitor.
Prepare a way to undo your changes quickly, in case it turns out that the offender is the CEO :-)
Then wait for the offender to make itself known, probably by complaining that his system suddenly cannot connect to any network service within the company...
MK
MK
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.
End of content
United States
Hewlett Packard Enterprise International
Communities
- Communities
- HPE Blogs and Forum
© Copyright 2021 Hewlett Packard Enterprise Development LP