Fortinet black logo

Administration Guide

IP conflict detection

Copy Link
Copy Doc ID 0f66c6af-cee6-11eb-97f7-00505692583a:163701
Download PDF

IP conflict detection

IP conflicts can occur when two systems on the same network are using the same IP address. The FortiSwitch unit monitors the network for conflicts and raises a system log message and an SNMP trap when it detects a conflict.

The IP conflict detection feature provides two methods to detect a conflict. The first method relies on a remote device to send a broadcast ARP (Address Resolution Protocol) packet claiming ownership of a particular IP address. If the IP address in the source field of that ARP packet matches any of the system interfaces associated with the receiving FortiSwitch system, the system logs a message and raises an SNMP trap.

For the second method, the FortiSwitch unit actively broadcasts gratuitous ARP packets when any of the following events occurs:

  • System boot-up
  • Interface status changes from down to up
  • IP address change

If a system is using the same IP address, the FortiSwitch unit receives a reply to the gratuitous ARP. If it receives a reply, the system logs a message.

Configuring IP conflict detection

IP conflict detection is enabled on a global basis. The default setting is enabled.

Using the GUI:
  1. Go to Network > Settings.
  2. Select Enable IP Conflict Detection.
  3. Select Apply.
Using the CLI:

config system global

set detect-ip-conflict <enable|disable>

Viewing IP conflict detection

If the system detects an IP conflict, the system generates the following log message:

IP Conflict: conflict detected on system interface mgmt for IP address 10.10.10.1

IP conflict detection

IP conflicts can occur when two systems on the same network are using the same IP address. The FortiSwitch unit monitors the network for conflicts and raises a system log message and an SNMP trap when it detects a conflict.

The IP conflict detection feature provides two methods to detect a conflict. The first method relies on a remote device to send a broadcast ARP (Address Resolution Protocol) packet claiming ownership of a particular IP address. If the IP address in the source field of that ARP packet matches any of the system interfaces associated with the receiving FortiSwitch system, the system logs a message and raises an SNMP trap.

For the second method, the FortiSwitch unit actively broadcasts gratuitous ARP packets when any of the following events occurs:

  • System boot-up
  • Interface status changes from down to up
  • IP address change

If a system is using the same IP address, the FortiSwitch unit receives a reply to the gratuitous ARP. If it receives a reply, the system logs a message.

Configuring IP conflict detection

IP conflict detection is enabled on a global basis. The default setting is enabled.

Using the GUI:
  1. Go to Network > Settings.
  2. Select Enable IP Conflict Detection.
  3. Select Apply.
Using the CLI:

config system global

set detect-ip-conflict <enable|disable>

Viewing IP conflict detection

If the system detects an IP conflict, the system generates the following log message:

IP Conflict: conflict detected on system interface mgmt for IP address 10.10.10.1