Wanted: log message if other device has same IPv4 device as layer 3 switch (132 Views)
Reply
Frequent Advisor
ThomasGlanzmann
Posts: 46
Registered: ‎03-07-2012
Message 1 of 3 (132 Views)

Wanted: log message if other device has same IPv4 device as layer 3 switch

Hello,

on my Cisco 3560G it logs when there is a device with his ip address on the network:

 

Sep  4 17:20:30 merlin 1781: 001777: Sep  4 15:20:29.892: %IP-4-DUPADDR: Duplicate address 10.101.0.1 on Vlan101, sourced by 0050.5692.071d

 I tried to reproduce the behaviour on a comware 5 HP 5800-24G Switch (JC100A) with the lastest firmware, but I'm

unable to. Is there a trick to detect these or do I now have to deploy arpwatch or simliar to each VLAN?

 

I let all my switches log to a central syslog server and once an event happens that I want to be informed about I send

myself an e-mail using a syslog-ng filter.

 

Cheers,

     Thomas

Please use plain text.
Regular Advisor
Apachez-
Posts: 128
Registered: ‎10-06-2013
Message 2 of 3 (112 Views)

Re: Wanted: log message if other device has same IPv4 device as layer 3 switch

There is an "arp detection enable" you can set on the vlan like:

 

vlan 100

arp detection enable

 

However this feature seems to be linked to dhcp-snooping (which must be enabled first unless I misread the manual).

Please use plain text.
Regular Advisor
Apachez-
Posts: 128
Registered: ‎10-06-2013
Message 3 of 3 (95 Views)

Re: Wanted: log message if other device has same IPv4 device as layer 3 switch

There is a similar thing for mac-addresses but I have not yet found anything particular for ip-collission logging:

 

mac-flapping notification enable

 

Use mac-flapping notification enable to enable MAC address migration log notifying.
Use undo mac-flapping notification enable to disable the MAC address migration notifying.

 

Syntax
mac-flapping notification enable

undo mac-flapping notification enable

 

Default
MAC address migration log notifying is disabled.  

 

Views
System view

 

Default command level:
2: System level

 

Usage guidelines
A MAC address migration log contains a MAC address, ID of the VLAN to which the MAC address
belongs, source interface from which the MAC address migrates, and the current interface with which the
MAC address associates.
After enabling MAC address migration log notifying, the MAC address migration log of the last 1 minute
are displayed once every 1 minute.
Up to 10 logs can be saved in 1 minute.  

 

Examples
# Enable MAC address migration log notifying.
<Sysname> system-view
[Sysname] mac-flapping notification enable
[Sysname]
%Sep 21 14:09:22:420 2012 HP MAC/5/MAC_FLAPPING: MAC address 0000-0012-0034 in vlan 500
has flapped from port GigabitEthernet1/0/16 to port GigabitEthernet1/0/1 1 time(s).

 

The output shows that the MAC address 0000-0012-0034 belongs to VLAN 500, the source interface
from which the MAC address migrates from is GE1/0/16, the current interface with which the MAC
address associates is GE1/0/1, and the MAC address migrates one time in the last one minute.

Please use plain text.
The opinions expressed above are the personal opinions of the authors, not of HP. By using this site, you accept the Terms of Use and Rules of Participation