- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- DUPLICATE IP ISSUE WITH FORTIGATE1000C
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
DUPLICATE IP ISSUE WITH FORTIGATE1000C
Hey Guys.
Am having this issue has anyone experienced such before.
Once i bring up a vdom on a FG1000C i get a duplicate IP address log on my Cisco (PE) router.
Also note that i create vlan both on the inside/outside for clients to separate
their services on the switch thereby make the Fortigate interface inside/outside to switch trunk.
What could be causing the duplicate IP.
I have attached the Cisco router log.
Regards
Obika
CCNA,FCNSA,FCNSP,
System Engineer
System Engineer
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
My 1st guess is a loop but let' s get more info on your topology are you running nat-routed or transparent mode?
Are the subinterfaces built on the fortigate ?
if you remove one vlan tag does the problem stll exists?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I' m sorry I don' t understand the diagram. Can you provide the sub-interface cfgs for the fortigate? Are you using one port for the inside/outside interfaces?
And the port cfg on the 2960S?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi emnoc,
find below the config.
===========================================
spanning-tree mode rapid-pvst
spanning-tree extend system-id
!
!
!
vlan 2
name RACK_CENTRE_LAN_TEST
!
vlan 9
name RAC_Internet
!
vlan 11
name SPORT_BET
!
vlan 39
!
vlan 107
name RACK_4TGATE_OUTSIDE
!
vlan 108
name SATMANAGE_Mgmt
!
vlan 109
name SATMANAGE_VLAN
!
vlan 110
name 4Tgate_Test
!
vlan 203
name VOIP_INTERNET
!
vlan 205
name VOIP_LAN
!
vlan 206
name VOIP_LAN_1
!
vlan 318
name Sportbet_4Tgate-insi
!
vlan 319
name Sportbet_4tgate_outs
!
vlan 901
name Switch_Mgmt_vlan
!
!
!
interface Loopback0
no ip address
!
interface FastEthernet0/1
description connection to iDirect_Upstream switch for SATMANAGE
switchport trunk allowed vlan 108
switchport mode trunk
!
interface FastEthernet0/2
!
interface FastEthernet0/3
!
interface FastEthernet0/4
!
interface FastEthernet0/5
!
interface FastEthernet0/6
!
interface FastEthernet0/7
switchport mode trunk
!
interface FastEthernet0/8
switchport mode trunk
!
interface FastEthernet0/9
switchport mode trunk
!
interface FastEthernet0/10
switchport mode trunk
!
interface FastEthernet0/11
switchport mode trunk
spanning-tree guard root
!
interface FastEthernet0/12
switchport mode trunk
!
interface FastEthernet0/13
description connection to EdgPE01----Outside
switchport trunk allowed vlan 107,109,205,206,319
switchport mode trunk
ip arp inspection trust
spanning-tree guard root
!
interface FastEthernet0/14
description connection to EdgPE01----Inside
switchport trunk allowed vlan 11,318
switchport mode trunk
ip arp inspection trust
speed 100
duplex full
spanning-tree guard root
!
interface FastEthernet0/15
switchport mode trunk
!
interface FastEthernet0/16
switchport mode trunk
!
interface FastEthernet0/17
description connection to 4TGATE----Outside
switchport trunk allowed vlan 107,109,205,319
switchport mode trunk
switchport protected
ip arp inspection trust
spanning-tree guard root
!
interface FastEthernet0/18
description connection to 4TGATE----Inside
switchport trunk allowed vlan 1,9,11,108,110,203,318
switchport mode trunk
ip arp inspection trust
spanning-tree guard root
!
interface FastEthernet0/19
description connection to 4Tgate_SW2
!
interface FastEthernet0/20
!
!
!
System Engineer
System Engineer
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Okay that' s much better, this looks great and not obvious sticks out. I do question why you have " switchport protected " on fas0/17?
Also why so many vlans ID?
On Fas0/19 what is this connected to . Do you have an cfgs you can share of how you defined the sub-interfaces on the 4-T-gates?
And does the duplication of the mac address display the offender mac_address?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi emnoc,
The issue been resolved now, i found out that there was no connection to my second FGT 1000C from the router, since i have a HA cluster, so whenever a vlan is provisioned on the router it flags it as a duplicate IP.
So i simply plugged a cable from the router to the 2nd FGT and its all sorted now
Regards
Obika
Obika
System Engineer
System Engineer
Related Posts
- Source NAT with miltiple IPsec using... 506 Views
- TCP Retransmission, out of order and... 1918 Views
- Duplicate IP - FortiGate won't let... 513 Views
- Duplicates Routes - SSL VPN 971 Views
- SD-WAN data de-duplication issue for UDP... 1899 Views
Labels
-
FortiGate
6,570 -
FortiClient
1,308 -
5.2
801 -
5.4
639 -
FortiManager
567 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
337 -
FortiAP
336 -
FortiClient EMS
267 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
108 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
70 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
45 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
25 -
Firewall policy
24 -
FortiConnect
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
SSO
6 -
Traffic shaping policy
5 -
SNMP
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
Proxy policy
4 -
packet capture
4 -
WAN optimization
4 -
Automation
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
Port policy
4 -
FortiScan
4 -
IPS signature
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
DoS policy
3 -
Intrusion prevention
3 -
FortiDB
3 -
FortiDeceptor
2 -
Fortinet Engage Partner Program
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
Traffic shaping profile
2 -
VoIP profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
System settings
2 -
4.0MR1
1 -
TACACS
1 -
Users
1 -
Replacement messages
1 -
Schedule
1 -
Subscription Renewal Policy
1 -
SDN connector
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Web rating
1 -
Email filter profile
1 -
Internet Service Database
1 -
Multicast routing
1 -
Zone
1 -
Explicit proxy
1 -
Protocol option
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.