This document describes a problem where a Duplicate IP Address 0.0.0.0 error message is received by clients who run Microsoft (MS) Windows Vista and later versions, and provides methods to resolve and troubleshoot the problem.
With Windows Vista and later versions, MS introduced a new mechanism that is used in order to detect duplicate addresses on the network when the DHCP process occurs. This new detection flow is described in RFC 5227.
One of the triggers for this detection flow is defined in section 2.1.1:
In addition, if during this period the host receives any ARP Probe where the packet's 'target IP address' is the address being probed for, and the packet's 'sender hardware address' is not the hardware address of any of the host's interfaces, then the host SHOULD similarly treat this as an address conflict and signal an error to the configuring agent as above. This can occur if two (or more) hosts have, for whatever reason, been inadvertently configured with the same address, and both are simultaneously in the process of probing that address to see if it can safely be used.
Cisco IOS® uses the Address Resolution Protocol (ARP) Probe sourced from an address of 0.0.0.0 in order to maintain the IP device-tracking cache when IP device tracking and a feature that uses it is enabled (such as 802.1x) on a Cisco IOS switch. The purpose of IP device tracking is for the switch to obtain and maintain a list of devices that are connected to the switch via an IP address. The probe does not populate the tracking entry. It is used in order to activate and maintain the entry in the table after it is learned. This IP address is then used when an Access Control List (ACL) is applied to the interface in order to substitute the source address in the ACL with the client IP address. This function is critical whenever access lists are used with 802.1x, or any other Flex-Auth function on Cisco switches.
Duplicate IP Address Cause
If the switch sends out an ARP Probe for the client while the Windows PC is in its duplicate-address detection phase, Windows detects the probe as a duplicate IP address and presents the user with a message that a duplicate IP address was found on the network for 0.0.0.0. The PC does not obtain an address, and the user must either manually release/renew the address, disconnect and reconnect to the network, or reboot the PC in order to gain network access.
There are multiple methods used in order to work around this issue. Here is a list of useful workarounds:
- The primary method used in order to work around the issue is to delay the probe from the switch, so that Windows has time to finish duplicate IP detection. Enter this command in order to delay the probe:
ip device tracking probe delay 10
The RFC specifies a ten-second window for duplicate address detection, so if you delay the device-tracking probe, it resolves the issue in nearly all cases. In addition to probe-delay, the delay also resets when the switch detects a probe from the PC. For example, if the probe timer has counted down to five seconds and detects an ARP Probe from the PC, the timer resets back to ten seconds. In rare circumstances, the PC sends an ARP Probe milliseconds before the switch sends its probe, which still triggers a duplicate address message to the end user. This command was introduced in Version 15.0(1)SE on 2900, 3500, and 3700 Series switch platforms, Version 15.0(2)SG on the 4500 Series switch platform, and Version 12.2(33)SXI7 on the 6500 Series switch platform.
- If the previous method does not fully resolve the issue, you can configure the switch in order to send a non-RFC compliant ARP Probe in order to source the probe from the Switch Virtual Interface (SVI) in the VLAN where the PC resides. Enter this command in order to do this:
ip device tracking probe use-svi
This configuration currently does not trigger the duplicate address detection error message in Windows. The caveat to this method is that an SVI must exist on every switch in every VLAN where Windows clients who run DHCP reside. This method is difficult to scale, so Cisco recommends that you use IP device-tracking probe delay as the primary method. SVI is not currently available on the 6500 Series switch platform. This command was implemented in Version 12.2(55)SE on 2900, 3500, and 3700 Series switch platforms, and in Version 15.1(1)SG on the 4500 Series switch platform.
- Another method used in order to resolve this issue involves a troubleshoot of the client in order to determine why duplicate address detection occurs so late after the link comes online. The switch has no way to determine when this process occurs, so you must estimate how long to set the probe delay in order to prevent the conflict. In order to effectively troubleshoot why duplicate address detection occurs so late, further information on the behavior of the IP device-tracking probe is useful:
The ARP probe is sent under two circumstances:
- A link associated with a current entry in the IPDT database moves from a DOWN to an UP state.
- A link already in the UP state that is associated with an entry in the IPDT database has an expired probe interval.
Enter this command in order to set the IP device-tracking probe interval:
ip device tracking probe interval <seconds>
The default interval is thirty seconds. In order to view this information, enter this command:
show ip device tracking all
IP Device Tracking = Enabled
IP Device Tracking Probe Count = 3
IP Device Tracking Probe Interval = 30
IP Device Tracking Probe Delay Interval = 0
IP Address MAC Address Vlan Interface STATE
10.0.0.1 a820.661b.b384 301 GigabitEthernet0/1 INACTIVE
Total number interfaces enabled: 1
After the initial entry moves from a DOWN to an UP state, no further probes are sent unless the switch does not see traffic from that device for the probe-delay interval. Also, as stated earlier, the conflict only occurs if the PC sends out the ARP Probe milliseconds before the switch sends the ARP Probe (simultaneously).
- The final method described in this document is to disable duplicate-address detection on the client-side. This procedure is described in the How to Disable the Gratuitous ARP Function MS Support-Base article. Centrally depoy this change in order to make this option more scalable.