IP conflict, but notice has same MAC address for both.

Solved
BobHarrison
Here to help

I get this notice about every hour.

The security appliance in the _XX appliance network has detected an IP conflict with two or more devices.

  • The IP 10.1.70.20 is claimed by clients with the following MAC addresses:
  • xx:xx:xx:96

The 2 MAC addresses are identical. Why would this be a conflict?

I check logs and all I see is this one MAC address with this IP and no conflicting entries for other devices on that IP.

Any ideas?

1 Accepted Solution
alemabrahao
Kind of a big deal

The security appliance might be detecting multiple ARP announcements for the same IP/MAC combination, possibly due to a device flapping between interfaces (e.g., wired and wireless) or a virtual IP or clustering setup where the same MAC/IP is advertised from different ports.

If the device is connected via a link aggregation group, the same MAC could appear on multiple interfaces, confusing the appliance.

Aside from the logs, are you experiencing any other problems? I'm asking because this could just be a false positive.

I am not a Cisco Meraki employee. My suggestions are based on documentation of Meraki best practices and day-to-day experience.

Please, if this post was useful, leave your kudos and mark it as solved.

BobHarrison
Here to help

We were having a problem with the device, which is a sign. We got the alerts then. The controller was bad, so we replaced it and it was assigned a different IP and we now get the alerts on the new device. It seems to be working correctly.

We occasionally get the same alerts on a few other devices. Those were laptops that were on Wi-Fi that got plugged in occasionally, so your explanation makes sense for those.

 

Thanks for pointing out the possible causes. It doesn't seem to have any negative effect, so it may be false positives for the reasons you mentioned. I will consider this answered unless we experience other issues.

Thanks

PhilipDAth
Kind of a big deal

If you are not running a current stable firmware, try upgrading to that.

GIdenJoe
Kind of a big deal

Hey guys, it is important that you check the actual MAC address in the event log!!

It happens many times that one device is using multiple MAC addresses that are just 1 digit higher and then that gets pushed to the same dashboard client. And if that client is identified by its MAC address then you get that flapping with the same client.

I have seen this behavior many times with Synology NAS devices if they are not using LACP (802.3ad) to load balance their upstream traffic. Then it continues to send traffic using one MAC and the next packet with the next MAC.
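
An added example, not part of any post in this thread: a small triage script for the cases discussed above, separating an IP claimed repeatedly by one MAC, an IP claimed by MACs that are one value apart (the multi-NIC pattern), and an IP claimed by unrelated MACs. The CSV layout, function names and MAC values are constructed assumptions and do not reflect the Meraki event log format.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: timestamp, claimed IP, source MAC (locally administered MACs).
SAMPLE = """\
2024-05-01T10:00:00,10.1.70.20,02:00:00:aa:bb:96
2024-05-01T10:00:05,10.1.70.20,02:00:00:AA:BB:96
2024-05-01T10:01:00,10.1.70.31,02:00:00:10:20:40
2024-05-01T10:01:01,10.1.70.31,02:00:00:10:20:41
2024-05-01T10:02:00,10.1.70.44,02:00:00:aa:bb:10
2024-05-01T10:02:03,10.1.70.44,06:11:22:01:02:03
"""


def mac_to_int(mac):
    """Parse aa:bb:cc:dd:ee:ff (or dash-separated) into a 48-bit integer."""
    digits = mac.replace("-", ":").split(":")
    if len(digits) != 6 or any(len(d) != 2 for d in digits):
        raise ValueError(f"not a 48-bit MAC: {mac!r}")
    return int("".join(digits), 16)


def classify(macs, max_gap=1):
    """Classify the set of MACs that claimed a single IP."""
    values = sorted({mac_to_int(m) for m in macs})
    if len(values) == 1:
        return "same-mac"        # one MAC seen repeatedly, e.g. moving between ports
    same_oui = len({v >> 24 for v in values}) == 1
    adjacent = all(b - a <= max_gap for a, b in zip(values, values[1:]))
    if same_oui and adjacent:
        return "adjacent-macs"   # likely one device with several NICs
    return "distinct-macs"       # different hardware: treat as a real conflict


def triage(log_text):
    """Group claimed MACs per IP and return {ip: verdict}."""
    claims = defaultdict(set)
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) != 3:
            continue             # skip blank or malformed rows
        _ts, ip, mac = (field.strip() for field in row)
        claims[ip].add(mac.lower())
    return {ip: classify(macs) for ip, macs in claims.items()}


if __name__ == "__main__":
    for ip, verdict in triage(SAMPLE).items():
        print(ip, verdict)
```

Only the `distinct-macs` verdict points at two separate devices claiming one address; the other two match the flapping and multi-NIC explanations given in the replies.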
