IPv6 Duplicate Address Detection (DAD) Failure
Presenting Symptom
A host fails to obtain an IPv6 address via SLAAC or DHCPv6, and the network engineer observes 'Duplicate Address Detection' failures in the logs.
Network Context
A small branch office with a Cisco router (IOS XE 16.9) acting as the default gateway and a few Windows 10 hosts. The router is configured to advertise IPv6 prefixes via SLAAC. One host consistently fails to configure its IPv6 address, while others work fine.
Diagnostic Steps
Check IPv6 interface status and DAD attempts
show ipv6 interface GigabitEthernet0/0GigabitEthernet0/0 is up, line protocol is up IPv6 is enabled, link-local address is FE80::1 No global unicast address is configured Duplicate address detection: 1 duplicate address detected ...
If 'Duplicate address detection' shows a non-zero count, DAD has detected a duplicate. The interface may be in 'tentative' state or have no global address.
Identify the duplicate address
show ipv6 neighborsIPv6 Address Age Link-layer Addr State Interface 2001:DB8:1::100 0 aaaa.bbbb.cccc REACH Gi0/0 2001:DB8:1::100 0 dddd.eeee.ffff STALE Gi0/0
Two entries with the same IPv6 address but different MAC addresses indicate a duplicate. The duplicate address is 2001:DB8:1::100.
Check the router's own IPv6 address configuration
show running-config | section interface GigabitEthernet0/0interface GigabitEthernet0/0 ipv6 address 2001:DB8:1::1/64 ipv6 enable no ipv6 nd suppress-ra
The router has a static IPv6 address. Ensure it is not conflicting with the host's address. The host's tentative address is 2001:DB8:1::100, which is different from the router's 2001:DB8:1::1.
Check for duplicate MAC addresses on the LAN
show mac address-table interface GigabitEthernet0/0Mac Address Table ------------------------------------------- Vlan Mac Address Type Ports ---- ----------- -------- ----- 1 aaaa.bbbb.cccc DYNAMIC Gi0/0 1 dddd.eeee.ffff DYNAMIC Gi0/0
Multiple MAC addresses on the same port is normal for a switch, but if the same MAC appears on different ports, it could indicate a loop or duplicate MAC. However, here two different MACs are seen, which is fine.
Root Cause
Two hosts on the same VLAN have been manually configured with the same static IPv6 address (2001:DB8:1::100). When one host attempts to use that address, DAD detects the duplicate and prevents the address from being assigned, causing the host to fail to obtain a valid IPv6 address.
Resolution
Verification
After resolving the duplicate, run: show ipv6 interface GigabitEthernet0/0 Expected: 'Duplicate address detection: 0 duplicate addresses detected' show ipv6 neighbors Expected: Only one entry for 2001:DB8:1::100 (or the new address) with the correct MAC. ping 2001:DB8:1::100 Expected: Successful replies.
Prevention
1. Use DHCPv6 for address assignment to avoid manual configuration errors. 2. Implement IPv6 address management (IPAM) to track assigned addresses. 3. Enable DAD on all interfaces (default) and monitor logs for duplicate address warnings.
CCNA Exam Relevance
On the CCNA 200-301 exam, DAD is tested in the context of IPv6 addressing and troubleshooting. Questions may present a scenario where a host cannot get an IPv6 address, and you must identify DAD failure as the cause. Expect multiple-choice or simulation questions where you interpret 'show ipv6 interface' output to see duplicate address count.
Exam Tips
Remember that DAD is performed using Neighbor Solicitation (NS) and Neighbor Advertisement (NA) messages.
The 'show ipv6 interface' command shows the number of duplicate addresses detected; a non-zero value indicates a problem.
A duplicate address causes the interface to remain in 'tentative' state and the address is not assigned.
Commands Used in This Scenario
Test Your CCNA Knowledge
Practice with scenario-based questions to prepare for the CCNA 200-301 exam.
Practice CCNA Questions