| Description | This article describes how to quickly find out mac-addresses of the devices that are using the same IP address. |
| Scope | FortiGate 6.2.x and above. |
| Solution |
Sometimes, a duplicate IP address can be caused by a configuration error or human error, for example, a junior system admin has assigned an IP address to a device that was already in use by other devices. In this example, the FortiGate ARP table took more than 7 min to figure out the mac-address of the devices that have the duplicated IP. There is a fast way to discover that.
Step 1: Clean up the ARP table with the command execute clear system arp table. Use get system arp to confirm that the ARP table is clean. 
Step 2: Run the command diagnose sniffer packet <port_number> "arp" 4 0. NOTE: Using the word any for the port number will generate too much output, so to reduce the output specifies the port that is connected to the devices with duplicated IP addresses.
Step 3 (optional): If possible, generate any traffic from one of the devices with the duplicate IP. In case the device is not known or does not have access to it, just wait until some traffic is created. It will generate two entries with both mac-addresses of the devices using the same IP address.
For the example below, ping has been used to generate some traffic.
 |
