Troubleshooting MethodologyCCNA 200-301

Duplicate IP Address Causing Intermittent Connectivity Loss

Presenting Symptom

Users report intermittent connectivity loss to a server, with some devices able to reach it while others cannot, and the issue resolves temporarily after rebooting the server.

Network Context

A small branch office with a single Cisco Catalyst 2960 switch (IOS 15.0) connecting 50 workstations and a server (192.168.1.10/24). The switch is the default gateway for the VLAN 1 subnet. No DHCP snooping or IP source guard is configured. The server runs Windows Server 2019 with a static IP address.

Diagnostic Steps

Check the ARP table on the switch for the server IP

show ip arp 192.168.1.10

Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.1.10            0    aaaa.bbbb.cccc  ARPA   Vlan1

If multiple MAC addresses appear for the same IP, a duplicate IP exists. If only one MAC appears but the issue persists, the MAC may belong to the wrong device.

Check the MAC address table for the MAC learned from the server IP

show mac address-table address aaaa.bbbb.cccc

Mac Address Table
-------------------------------------------
Vlan    Mac Address       Type        Ports
----    -----------       --------    -----
   1    aaaa.bbbb.cccc    DYNAMIC     Gi0/1

If the MAC appears on multiple ports, there is a loop or duplicate MAC. If it appears on an unexpected port, the device may be connected to the wrong switchport.

Ping the server IP from the switch and check for duplicate IP detection

ping 192.168.1.10 repeat 100

Success rate is 50 percent (50/100), round-trip min/avg/max = 1/2/5 ms

Intermittent ping success suggests the duplicate IP device is responding sometimes. A consistent 100% loss or success may indicate a different issue.

Enable debug to see ARP activity for the server IP

debug arp

IP ARP: rcvd rep src 192.168.1.10 aaaa.bbbb.cccc, dst 192.168.1.1 Vlan1
IP ARP: rcvd rep src 192.168.1.10 dddd.eeee.ffff, dst 192.168.1.1 Vlan1

If two different MAC addresses reply for the same IP, duplicate IP is confirmed. The debug output shows both responses.

Root Cause

A duplicate IP address exists on the network: the legitimate server (192.168.1.10) with MAC aaaa.bbbb.cccc and an unauthorized device (e.g., a misconfigured laptop) with MAC dddd.eeee.ffff also using 192.168.1.10. The switch's ARP table flips between the two MACs, causing intermittent connectivity as traffic is sent to the wrong device.

Resolution

1. Identify the unauthorized device by checking the switchport where its MAC is learned: show mac address-table address dddd.eeee.ffff. 2. Disconnect or reconfigure the offending device. 3. Clear the ARP cache on the switch: clear arp-cache. 4. Optionally, configure static ARP entry for the server: arp 192.168.1.10 aaaa.bbbb.cccc ARPA. 5. Enable DHCP snooping and IP source guard to prevent future duplicates: ip dhcp snooping, ip dhcp snooping vlan 1, interface Gi0/1, ip dhcp snooping trust, ip source guard.

Verification

Run show ip arp 192.168.1.10 to confirm only one MAC (the server's) appears. Ping the server with 100 packets: ping 192.168.1.10 repeat 100. Expected output: Success rate is 100 percent (100/100).

Prevention

1. Use DHCP with reservations to assign static IPs centrally. 2. Enable DHCP snooping and IP source guard on all access ports. 3. Implement port security to limit MAC addresses per port.

CCNA Exam Relevance

On the CCNA 200-301 exam, duplicate IP scenarios appear in troubleshooting questions, often as drag-and-drop or multiple choice. The exam tests the ability to interpret ARP table output and identify duplicate IPs. Key fact: A duplicate IP causes the switch's ARP table to oscillate between two MAC addresses, leading to intermittent connectivity.

Exam Tips

Memorize the 'show ip arp' command and how to spot multiple MACs for one IP.

Remember that clearing the ARP cache (clear arp-cache) is a temporary fix; the root cause must be removed.

Be aware that duplicate IPs can be caused by misconfigured static IPs or rogue DHCP servers.

Commands Used in This Scenario

clear arp-cache

Clears the entire ARP cache on the device, forcing the router to dynamically re-learn all ARP entries, typically used to resolve connectivity issues caused by stale or incorrect ARP mappings.

debug arp

Enables debugging of ARP (Address Resolution Protocol) packets to troubleshoot IP-to-MAC address resolution issues on a Cisco router or switch.

show ip arp

Displays the Address Resolution Protocol (ARP) cache, mapping IP addresses to MAC addresses on a router or switch, used to verify connectivity and troubleshoot Layer 2 issues.

show mac address-table

Displays the MAC address table (also known as CAM table) on a switch, showing which MAC addresses are learned on which VLAN and port, used to verify Layer 2 forwarding and detect issues like MAC flooding or incorrect port assignments.

Test Your CCNA Knowledge

Practice with scenario-based questions to prepare for the CCNA 200-301 exam.

Practice CCNA Questions