Cisco Switch causes duplicate IP address conflict errors on Windows 7


Solution:

Note: If the IP device tracking feature is turned on globally, you have no option to turn this off globally.

Option 1: Alter the device tracking probe packet to use the switch virtual interfaces

This option only works if you are running the switch in layer 3 with a SVI interface configured for the VLAN that is experiencing this error.

ip device tracking probe use-svi

Option 2: Alter the device tracking probe packet to a different IP – Best option if option 1 is not applicable

Introduced in Cisco IOS Version 15.2(2)E, this option allows you to manipulate the source IP address to an IP address other than 0.0.0.0 as Windows IP address conflict detection only looks for ARPs with source IP address of 0.0.0.0. Note that this will inject an entry into the host’s ARP table with the IP address used. Also the IP address selected will be masked according to the IP address range, ie if your DHCP offers 192.168.0.0/24 the below setting will cause the source IP address to be 192.168.0.1. Please select your IP wisely.

ip device tracking probe auto-source fallback 0.0.0.1 255.255.255.0 override

Option 3: Set a delay timer for the probe – Doesn’t really work

By altering the probe delay timer to 10 seconds which is the time it takes for the Windows IP address conflict detection to end, you “may” be able to avoid this problem. However, this option only affects the host when it receives a link UP. The IP address conflict problem could still arise on systems that are permanently connected to the switch and stay powered on.

ip device tracking probe delay 10

Option 4: Disable IP device tracking on per interface level

This option does not really disable IP device tracking, it simply sets the number of devices being tracked to 0 causing the switch to not send out probes on the configured interface. Beware that there are known bugs with certain IOS versions which causes issues with port-channels.

ip device tracking max 0

IP Device tracking is used by the following features

  1. NMSP
  2. Device sensor
  3. 802.1X, MAB, Session Manager,
  4. WebAuth, auth-proxy
  5. IPSG for static hosts
  6. Flexible NetFlow
  7. Cisco TrustSec (CTS)
  8. Mediatrace

Disclaimer: Disable IP device tracking at your own risk as it could affect the above features. I have not tested any of the features and how they interact with IP device tracking.

Option 5: Disable IP address conflict detection on your Windows system

This option is the worst option among all – you may through a registry edit, turn off IP address conflict detection on Windows. This actually turns off gratuitous ARPs.

  1. Open the Registry editor.
  2. In Windows 7 and Current – Click Start, type regedit, and click OK.
  3. Locate this registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
  4. Click Edit > New, and click DWORD Value.
  5. Type ArpRetryCount.
  6. Right-click the ArpRetryCount registry entry and click Modify.
  7. In the Value box, type 0 and click OK.
  8. Exit the Registry Editor

Option 6: Downgrade your Cisco IOS to a version that does not turn on IP Device tracking by default

There are versions of IOS code on the 2960X platform that has this feature disabled globally. 15.0(2)EX5 is a version that I have tested that does not turn this feature on by default. This means you have the choice of enabling this feature or disabling the feature globally.

References:

https://tools.ietf.org/html/rfc5227
http://www.cisco.com/c/en/us/support/docs/ios-nx-os-software/8021x/116529-problemsolution-product-00.html
https://trustdarkness.com/wordpress/disable-duplicate-ip-address-conflict-checking-in-windows/

Related Posts with Thumbnails