DUPLICATE IP ISSUE WITH FORTIGATE1000C
Hey guys,
I am having this issue; has anyone experienced this before?
Once I bring up a VDOM on an FG1000C, I get a duplicate IP address log on my Cisco (PE) router.
Also note that I create VLANs on both the inside and outside for clients to separate
their services on the switch, thereby making the FortiGate inside/outside interfaces trunks to the switch.
What could be causing the duplicate IP?
I have attached the Cisco router log.
Regards
Obika
CCNA,FCNSA,FCNSP,
System Engineer
My 1st guess is a loop, but let's get more info on your topology. Are you running nat-routed or transparent mode?
Are the subinterfaces built on the FortiGate?
If you remove one VLAN tag, does the problem still exist?
PCNSE
NSE
StrongSwan
Thanks emnoc,
I am running in NAT mode.
The subinterfaces are built on the FortiGate; however, the VLAN was not created on the FortiGate but rather on the switch.
Find attached the design doc.
System Engineer
I'm sorry, I don't understand the diagram. Can you provide the sub-interface cfgs for the FortiGate? Are you using one port for the inside/outside interfaces?
And the port cfg on the 2960S?
PCNSE
NSE
StrongSwan
Hi emnoc,
Find the config below.
===========================================
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
vlan 2
 name RACK_CENTRE_LAN_TEST
!
vlan 9
 name RAC_Internet
!
vlan 11
 name SPORT_BET
!
vlan 39
!
vlan 107
 name RACK_4TGATE_OUTSIDE
!
vlan 108
 name SATMANAGE_Mgmt
!
vlan 109
 name SATMANAGE_VLAN
!
vlan 110
 name 4Tgate_Test
!
vlan 203
 name VOIP_INTERNET
!
vlan 205
 name VOIP_LAN
!
vlan 206
 name VOIP_LAN_1
!
vlan 318
 name Sportbet_4Tgate-insi
!
vlan 319
 name Sportbet_4tgate_outs
!
vlan 901
 name Switch_Mgmt_vlan
!
!
!
interface Loopback0
 no ip address
!
interface FastEthernet0/1
 description connection to iDirect_Upstream switch for SATMANAGE
 switchport trunk allowed vlan 108
 switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
 switchport mode trunk
!
interface FastEthernet0/8
 switchport mode trunk
!
interface FastEthernet0/9
 switchport mode trunk
!
interface FastEthernet0/10
 switchport mode trunk
!
interface FastEthernet0/11
 switchport mode trunk
 spanning-tree guard root
!
interface FastEthernet0/12
 switchport mode trunk
!
interface FastEthernet0/13
 description connection to EdgPE01----Outside
 switchport trunk allowed vlan 107,109,205,206,319
 switchport mode trunk
 ip arp inspection trust
 spanning-tree guard root
!
interface FastEthernet0/14
 description connection to EdgPE01----Inside
 switchport trunk allowed vlan 11,318
 switchport mode trunk
 ip arp inspection trust
 speed 100
 duplex full
 spanning-tree guard root
!
interface FastEthernet0/15
 switchport mode trunk
!
interface FastEthernet0/16
 switchport mode trunk
!
interface FastEthernet0/17
 description connection to 4TGATE----Outside
 switchport trunk allowed vlan 107,109,205,319
 switchport mode trunk
 switchport protected
 ip arp inspection trust
 spanning-tree guard root
!
interface FastEthernet0/18
 description connection to 4TGATE----Inside
 switchport trunk allowed vlan 1,9,11,108,110,203,318
 switchport mode trunk
 ip arp inspection trust
 spanning-tree guard root
!
interface FastEthernet0/19
 description connection to 4Tgate_SW2
!
interface FastEthernet0/20
!
!
!
System Engineer
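Added example, not part of the original thread: a small Python audit of the trunk ports in a switch configuration like the one posted above. It lists trunks that carry every VLAN because they have no allowed-VLAN list, and shows which VLANs differ between two trunks that are expected to match (here the PE-facing and FortiGate-facing "Outside" ports). The function names are hypothetical and the sample is a constructed excerpt of the posted config; `switchport trunk allowed vlan add ...` lines are not handled.

```python
import re

# Constructed sample: excerpt of the 2960S configuration posted above.
SAMPLE = """\
interface FastEthernet0/12
 switchport mode trunk
!
interface FastEthernet0/13
 description connection to EdgPE01----Outside
 switchport trunk allowed vlan 107,109,205,206,319
 switchport mode trunk
!
interface FastEthernet0/17
 description connection to 4TGATE----Outside
 switchport trunk allowed vlan 107,109,205,319
 switchport mode trunk
!
"""

def expand(spec):
    """Expand an IOS VLAN list such as '1,9,100-102' into a set of ints."""
    vlans = set()
    for part in spec.split(","):
        lo, _, hi = part.partition("-")
        vlans.update(range(int(lo), int(hi or lo) + 1))
    return vlans

def parse_trunks(config):
    """Map each trunk port to its allowed VLAN set (None = all VLANs)."""
    ports, name = {}, None
    for line in config.splitlines():
        line = line.strip()
        if m := re.match(r"interface (\S+)", line):
            name = m.group(1)
            ports[name] = {"trunk": False, "allowed": None}
        elif name and line == "switchport mode trunk":
            ports[name]["trunk"] = True
        elif name and (m := re.match(r"switchport trunk allowed vlan ([\d,\-]+)$", line)):
            ports[name]["allowed"] = expand(m.group(1))
    return {n: p["allowed"] for n, p in ports.items() if p["trunk"]}

def unrestricted(trunks):
    """Trunk ports with no allowed-VLAN list."""
    return sorted(n for n, allowed in trunks.items() if allowed is None)

def vlan_diff(trunks, a, b):
    """VLANs carried on only one of two trunks that should match."""
    return sorted(trunks[a] ^ trunks[b])

if __name__ == "__main__":
    t = parse_trunks(SAMPLE)
    print("trunks with no allowed-VLAN list:", unrestricted(t))
    print("Fa0/13 vs Fa0/17:", vlan_diff(t, "FastEthernet0/13", "FastEthernet0/17"))
```
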
Okay, that's much better. This looks great and nothing obvious sticks out. I do question why you have "switchport protected" on fas0/17?
Also, why so many VLAN IDs?
On Fas0/19, what is this connected to? Do you have any cfgs you can share of how you defined the sub-interfaces on the 4-T-gates?
And does the duplication of the mac address display the offender mac_address?
PCNSE
NSE
StrongSwan
The reason I have so many VLANs is that I have several VDOMs on my FortiGate 1000C.
System Engineer
Hi emnoc,
The issue has been resolved now. I found out that there was no connection to my second FGT 1000C from the router, since I have an HA cluster, so whenever a VLAN is provisioned on the router it flags it as a duplicate IP.
So I simply plugged a cable from the router to the 2nd FGT and it's all sorted now.
Regards
Obika
System Engineer