Good day,
Living in a large network, where the core SW is an Omni 6400U in a stack.
There is a problem in finding duplicate ARP entries... in the 9000 there are log messages about it when it happens.
How can I see those messages on the 6400?
It is too difficult to do static ARP on the customer side, because they often need to be changed.
ARP protection and ARP poisoning detection
one6f
Re: ARP protection and ARP poisoning detection
Hi,
If you mean duplicate ARP entries on your local switch, OmniSwitches detect duplicate IP addresses on their interfaces since 5.1.4; this information is displayed on the switch's console and recorded in the swlog.
In a large network environment, duplicate IP addresses can be detected by using properly configured DHCP servers and checking the configuration of the machines on the LAN segment. The DHCP server will not assign a single IP address to more than one client. Under certain conditions, the DHCP server will attempt to verify that an address is not currently in use before it assigns it to a client. In extreme cases, ARP messages have to be monitored to determine which machines are in conflict.
On Windows-based networks, the workstations themselves will detect (through broadcasts) if there is a duplicate IP address on the network and will display error messages to that effect.
You may need to use a network sniffer to monitor ARP traffic, looking for ARP messages that use two different MAC addresses for the same IP address.
There is some database-based software that can help to find duplicate IPs: SolarWinds IP Address Tracker, What's Up?, ManageEngine, IP Address Manager.
Alcatel's VitalQIP detects rogue and duplicate IP addresses based on the created AutoDiscovery database.
SFlow Traffic Sentinel can be adapted to search for duplicates in large networks.
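The sniffer check described in the reply above (one IP address announced by two different MAC addresses), as an added example that is not part of the original posts or any vendor tool. It assumes untagged Ethernet II frames already captured as raw bytes; the function names and sample frames are constructed for illustration.

```python
import struct
from collections import defaultdict

ETHERTYPE_ARP = 0x0806

def parse_arp(frame: bytes):
    """Return (sender_mac, sender_ip) from an Ethernet II ARP frame, else None."""
    if len(frame) < 42:                      # 14-byte Ethernet + 28-byte ARP
        return None
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, oper = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4) or oper not in (1, 2):
        return None                          # not IPv4-over-Ethernet request/reply
    sha, spa = frame[22:28], frame[28:32]
    if spa == b"\x00\x00\x00\x00":           # ARP probe: sender has not claimed an IP
        return None
    return sha.hex(":"), ".".join(map(str, spa))

def find_conflicts(frames):
    """Map every IP announced by more than one sender MAC to its sorted MAC list."""
    seen = defaultdict(set)
    for frame in frames:
        parsed = parse_arp(frame)
        if parsed:
            mac, ip = parsed
            seen[ip].add(mac)
    return {ip: sorted(macs) for ip, macs in seen.items() if len(macs) > 1}

def build_arp(oper, sha, spa, tha, tpa):
    """Build a sample ARP frame (constructed test data, not captured traffic)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    ip = lambda s: bytes(int(x) for x in s.split("."))
    dst = b"\xff" * 6 if oper == 1 else mac(tha)
    eth = dst + mac(sha) + struct.pack("!H", ETHERTYPE_ARP)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return eth + arp + mac(sha) + ip(spa) + mac(tha) + ip(tpa)

ZERO = "00:00:00:00:00:00"
SAMPLE_FRAMES = [  # constructed: documentation IPs, locally administered MACs
    build_arp(1, "02:00:00:00:00:01", "192.0.2.10", ZERO, "192.0.2.1"),
    build_arp(2, "02:00:00:00:00:02", "192.0.2.20", "02:00:00:00:00:01", "192.0.2.10"),
    build_arp(2, "02:00:00:00:00:99", "192.0.2.10", "02:00:00:00:00:02", "192.0.2.20"),
    build_arp(1, "02:00:00:00:00:03", "0.0.0.0", ZERO, "192.0.2.30"),  # probe, ignored
]

if __name__ == "__main__":
    for ip, macs in find_conflicts(SAMPLE_FRAMES).items():
        print(f"{ip} announced by {', '.join(macs)}")
```

A hit means two senders claimed the address during the capture; a replaced NIC or a failover pair sharing an IP produces the same pattern, so check the MACs against inventory before treating it as a conflict or poisoning.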
