Solved: Cisco IP Device Tracking Causing Duplicate IP Address Conflict
- BITS
- Jan 13, 2023
- 1 min read
Did a root cause analysis for a recurring network issue. This came up while doing an unrelated project and wasn’t in scope but I went ahead and tracked down the cause.
Systems were intermittently not connecting back to the network after reboots. If you consoled into the VM you would see the yellow bang on the network icon. Additionally you would see the network profile changed to public and an ipconfig /all showed a detected duplicate IP.
Users had fixed this by toggling the network off and on.
These systems were statically IPed and there were no duplicate IP addresses on the network. The event log showed an ip address conflict for ip address 0.0.0.0 from a Cisco hardware mac (3C-0E-23).
Researching this led me to Cisco’s article:
The first upstream network device had ip tracking turned off. Following the Cisco mac address through the network I found a 3850 which had IP Device Tracking turned on globally and applied on a trunked port. This was the root of the conflict.
The quick and least impactful fix was to change the delay time for the probe until after Windows has done its detection for an IP address conflict.
ip device tracking probe delay 10
Did this and tested rebooting systems which had the issue and so far it hasn’t repeated. This was an informative and fun troubleshooting exercise!
After the fact I found a good write up:
Comments