IP Address Conflict.

Is there proxy arp enabled in your Cisco router? And too wide subnet mask in your workstations?

JV

Well, we have a subnet at 10.1.10.0/255.0.0.0 and

10.3.10.0/255.255.255.0, but this has been in place for a couple years now without any problems, but just recently this message starting occurring.

--tj

It looks like it was an actually conflict. Strange that the message never showed up on the computer, but on a different subnet than the machine was on.

Thanks,

--tj

This continues.

I'm now running ARPWATCH. It is detecting several IP ADDRESSES as flip flop. I'm hoping somebody can help recognize why all these addresses are flip flopping? The machine that arp flip flops creates a conflict with the Cisco router.

The machine's HW ether flip flops and changes to the MAC address of the Cisco router that separates the two subnets.

10.0.0.0/8 and 10.3.10.0/24

Any help would be great.

Thanks,

--tj

Poor design there I'm afraid, If those subnets are on the same router, and it's a Cisco, the Cisco will be OK, but end systems may be a little unpredictable, as one of your subnets falls *within* the other. A /8 is also insanely large. Make it smaller. A lot smaller.

That does give the obvious opportunity for say, 10.3.10.42 to be allocated on both sides. The Cisco will send any traffic for it to the interface with

10.3.10.0/24 though, not to 10.0.0.0/8. Any device on 10.0.0.0/8 will think it is local and will ARP for it rather than using the gateway.

Is there only the one Cisco router? Are you using anything like HSRP or GLBP? I would imagine GLBP would confuse something like arpwatch!

This started after on the end stations moved from the old subnet

10.0.0.0/8 to the new subnet 10.3.10.0/24. This is a Windows XP workstation that included an ip printer.

--tj

You probably have something with the wrong address in the wrong place - is there any bridging between the subnets at all?