obika
New Member
August 8, 2014
Question

DUPLICATE IP ISSUE WITH FORTIGATE1000C

Hey guys. I am having this issue; has anyone experienced this before? Once I bring up a VDOM on a FG1000C, I get a duplicate IP address log on my Cisco (PE) router. Also note that I create VLANs on both the inside and outside for clients to separate their services on the switch, thereby making the FortiGate inside/outside interfaces trunks to the switch. What could be causing the duplicate IP? I have attached the Cisco router log. Regards, Obika CCNA, FCNSA, FCNSP

    3 replies

    emnoc
    New Member
    August 8, 2014
    My 1st guess is a loop, but let's get more info on your topology. Are you running nat-routed or transparent mode? Are the subinterfaces built on the FortiGate? If you remove one VLAN tag, does the problem still exist?
    obika (Author)
    New Member
    August 11, 2014
    Thanks emnoc. I am running in NAT mode. The subinterfaces are built on the FortiGate; however, the VLAN was not created on the FortiGate but rather on the switch. Find attached the design doc.
    emnoc
    New Member
    August 11, 2014
    I'm sorry, I don't understand the diagram. Can you provide the sub-interface cfgs for the FortiGate? Are you using one port for the inside/outside interfaces? And the port cfg on the 2960S?
    obika (Author)
    New Member
    August 11, 2014
    Hi emnoc, find below the config.
    ===========================================
    spanning-tree mode rapid-pvst
    spanning-tree extend system-id
    !
    !
    !
    vlan 2
     name RACK_CENTRE_LAN_TEST
    !
    vlan 9
     name RAC_Internet
    !
    vlan 11
     name SPORT_BET
    !
    vlan 39
    !
    vlan 107
     name RACK_4TGATE_OUTSIDE
    !
    vlan 108
     name SATMANAGE_Mgmt
    !
    vlan 109
     name SATMANAGE_VLAN
    !
    vlan 110
     name 4Tgate_Test
    !
    vlan 203
     name VOIP_INTERNET
    !
    vlan 205
     name VOIP_LAN
    !
    vlan 206
     name VOIP_LAN_1
    !
    vlan 318
     name Sportbet_4Tgate-insi
    !
    vlan 319
     name Sportbet_4tgate_outs
    !
    vlan 901
     name Switch_Mgmt_vlan
    !
    !
    !
    interface Loopback0
     no ip address
    !
    interface FastEthernet0/1
     description connection to iDirect_Upstream switch for SATMANAGE
     switchport trunk allowed vlan 108
     switchport mode trunk
    !
    interface FastEthernet0/2
    !
    interface FastEthernet0/3
    !
    interface FastEthernet0/4
    !
    interface FastEthernet0/5
    !
    interface FastEthernet0/6
    !
    interface FastEthernet0/7
     switchport mode trunk
    !
    interface FastEthernet0/8
     switchport mode trunk
    !
    interface FastEthernet0/9
     switchport mode trunk
    !
    interface FastEthernet0/10
     switchport mode trunk
    !
    interface FastEthernet0/11
     switchport mode trunk
     spanning-tree guard root
    !
    interface FastEthernet0/12
     switchport mode trunk
    !
    interface FastEthernet0/13
     description connection to EdgPE01----Outside
     switchport trunk allowed vlan 107,109,205,206,319
     switchport mode trunk
     ip arp inspection trust
     spanning-tree guard root
    !
    interface FastEthernet0/14
     description connection to EdgPE01----Inside
     switchport trunk allowed vlan 11,318
     switchport mode trunk
     ip arp inspection trust
     speed 100
     duplex full
     spanning-tree guard root
    !
    interface FastEthernet0/15
     switchport mode trunk
    !
    interface FastEthernet0/16
     switchport mode trunk
    !
    interface FastEthernet0/17
     description connection to 4TGATE----Outside
     switchport trunk allowed vlan 107,109,205,319
     switchport mode trunk
     switchport protected
     ip arp inspection trust
     spanning-tree guard root
    !
    interface FastEthernet0/18
     description connection to 4TGATE----Inside
     switchport trunk allowed vlan 1,9,11,108,110,203,318
     switchport mode trunk
     ip arp inspection trust
     spanning-tree guard root
    !
    interface FastEthernet0/19
     description connection to 4Tgate_SW2
    !
    interface FastEthernet0/20
    !
    !
    !
    emnoc
    New Member
    August 11, 2014
    Okay, that's much better; this looks great and nothing obvious sticks out. I do question why you have "switchport protected" on fas0/17. Also, why so many VLAN IDs? What is Fas0/19 connected to? Do you have any cfgs you can share of how you defined the sub-interfaces on the 4-T-gates? And does the duplication of the MAC address display the offender mac_address?
    obika (Author)
    New Member
    August 11, 2014
    The reason I have so many VLANs is that I have several VDOMs on my FortiGate 1000C.
    obika (Author)
    New Member
    August 12, 2014
    Hi emnoc, the issue has been resolved now. I found out that there was no connection to my second FGT 1000C from the router, since I have an HA cluster, so whenever a VLAN is provisioned on the router it flags it as a duplicate IP. So I simply plugged a cable from the router to the 2nd FGT and it's all sorted now. Regards, Obika
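The question raised in the thread about whether the router log shows the offender MAC can be answered by summarizing the duplicate-address messages per IP, interface and source MAC. The following is an added example, not code or logs from the thread: it assumes the router emits the standard IOS `%IP-4-DUPADDR` message, the function name `summarize_dupaddr` is hypothetical, and the sample log lines are constructed. It also flags source MACs that carry the FortiGate HA (FGCP) virtual MAC prefix 00:09:0f:09, which shows whether the conflicting address is sourced by an HA cluster rather than by an unrelated host.

```python
import re
from collections import Counter

# Standard IOS message: "%IP-4-DUPADDR: Duplicate address A on IF, sourced by MAC"
DUPADDR = re.compile(
    r"%IP-4-DUPADDR: Duplicate address (?P<ip>\d+\.\d+\.\d+\.\d+) "
    r"on (?P<intf>\S+), sourced by "
    r"(?P<mac>[0-9a-fA-F]{4}\.[0-9a-fA-F]{4}\.[0-9a-fA-F]{4})"
)

# FGCP (FortiGate HA) virtual MAC addresses begin with 00:09:0f:09
FGCP_PREFIX = "00090f09"

# Constructed sample log: documentation IP ranges, made-up interfaces and MACs
SAMPLE_LOG = """\
Aug  8 10:01:12: %IP-4-DUPADDR: Duplicate address 192.0.2.1 on GigabitEthernet0/1.107, sourced by 0009.0f09.0004
Aug  8 10:01:42: %IP-4-DUPADDR: Duplicate address 192.0.2.1 on GigabitEthernet0/1.107, sourced by 0009.0F09.0004
Aug  8 10:02:03: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/2, changed state to up
Aug  8 10:02:30: %IP-4-DUPADDR: Duplicate address 198.51.100.9 on GigabitEthernet0/1.319, sourced by 0050.56aa.bb01
"""


def summarize_dupaddr(log_text):
    """Group DUPADDR events by (ip, interface, source MAC) and flag FGCP MACs."""
    hits = Counter()
    for line in log_text.splitlines():
        m = DUPADDR.search(line)
        if m is None:
            continue  # not a duplicate-address message
        mac = m["mac"].replace(".", "").lower()  # normalize Cisco dotted form
        hits[(m["ip"], m["intf"], mac)] += 1
    return [
        {"ip": ip, "interface": intf, "mac": mac, "count": count,
         "fgcp_virtual_mac": mac.startswith(FGCP_PREFIX)}
        for (ip, intf, mac), count in sorted(hits.items())
    ]


if __name__ == "__main__":
    for row in summarize_dupaddr(SAMPLE_LOG):
        origin = "FortiGate HA virtual MAC" if row["fgcp_virtual_mac"] else "other host"
        print(f'{row["ip"]:<15} {row["interface"]:<24} {row["mac"]} '
              f'x{row["count"]} ({origin})')
```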