Description | This article describes how to quickly find out the MAC addresses of the devices that are using the same IP address. |
Scope | FortiGate v6.2.x and above. |
Solution |
Duplicate IP addresses can arise from a configuration or human error, such as a system administrator or device user manually assigning an IP address that the DHCP server has already assigned to another device, which leads to an address collision. In this example, the FortiGate ARP table took more than 7 min to show the MAC addresses of the devices that have the duplicated IP. There is a faster way to discover them.
Step 1: Clear the ARP table with the command execute clear system arp table. Use get system arp to confirm that the ARP table is empty.
Step 2: Run the command diagnose sniffer packet <interface> "arp" 4 0. Note: Using any as the interface generates too much output, so specify the port that is connected to the devices with the duplicated IP address.
Step 3 (optional): If possible, generate traffic from one of the devices with the duplicate IP. If the device is not known or is not accessible, wait until some traffic is generated. The sniffer output will show two entries, one for each MAC address of the devices using the same IP address.
For the example below, ping has been used to generate some traffic.
Duplicate IP addresses may cause traffic issues, such as packets being sent but receiving no response from the destination due to a wrong destination MAC Address.
Network Topology:
diagnose sniffer packet port15 'host 192.168.1.2 and host 192.168.2.2' 6 1000 a
port15 -- 192.168.2.2.5061 -> 192.168.1.2.59998: syn 3345322838 ack 1535814069
diagnose sniffer packet port15 'arp' 4 200 l |