<

IF IP Addresses Conflict

One of CertIdea member sent me a mail and said he has an IP address conflict with another system on the network. And Now I am going to share you my experience if you meet an IP Addresses Conflict.

Every network device is required to own a unique IP address by the IP protocol, version 4. IP addresses conflict will be caused if two network devices like computers, printers, routers, firewalls, etc. have the same IP address on the same broadcast domain, local area network (LAN) or virtual local area network (VLAN) at the same time. That is because if the two devices have the same IT address, the traffic needed will be inconsistent. Then all the traffic will end up in only one of them, or that one packet will go to one and another will go to the other. This is unacceptable and can cause major disruption in the transferred information, and therefore network devices that implement the IP protocol are programmed to detect and avoid those conflicting conditions.

The detection mechanism is usually based on a probe address resolution protocol (ARP), where the host sends a broadcast ARP probe packet upon the interface configuration - either manual or dynamic addressing network (DHCP). At this point, a host with a conflicting address will reply to the probe packet and will cause the newly configured host to stop using its newly assigned IP address. When this happens in a DHCP, address renewal or a reboot will cause the conflicting device to request a new address and to eliminate the conflicting conditions. According to your description, this is probably the case. RFC 5227 is covering this mechanism in depth for the deep-diving readers.

Generally speaking, an IP address conflict is almost always a configuration mistake. While software bugs are the exception to that, I have yet to see one that causes this. It can be a mistake made by the network administrator in a DHCP-based network or by another user if the addresses are allocated manually in your network. In a DHCP environment, it can be caused by having two DHCP servers on the same network, or by having long address lease time and hosts that do not have a battery-based clock, which keeps track of time while they are turned off, like a VMware guest OS in suspended mode. Another common DHCP scenario is when an excluded range is not allocated for devices that have a static IP in a DHCP-controlled subnet. In a static or manual addressing network, a user might assign an address that is not available and create a conflict by doing that.

The way to detect and fix these conflicts is up to the network size. In a small office environment which is up to 10 network devices, you are supposed to check the settings on all of them and find the conflicting device. In larger networks, it can take days to cover all network devices, and a better approach is to use the media access control (MAC) address to track down the conflicting device.

First thing you should do is to find the two conflicting MAC addresses. You can usually find this info in the event log of a Windows-based device - sometimes the error message itself will contain the conflicting device's MAC address. After you identify the address, you can use the network switches to track down a network device by running a query against the layer two forwarding table and finding out what port is connected to the conflicting address. In a Cisco-switching-based network , the command “show MAC-address-table” will display the entire layer two forwarding database, and by using the question mark, you can learn how to leverage additional parameters to show only the information you want, because in a large network, the results can be multiple pages long.

Hannah Santhanam, CCIE, CCVP, CCSI, is a senor engineer from CertIdea IT certification training material provider. She can be reached at support@certidea.com.