Hi
Can NCM help with duplicate IP in config ?
It's some loopback or interfaces IP that I dont monitor with NPM.
Alert or compliance report?
Any one ?
Cisco Prime can do that.
Any way find out if there is duplicate IP ?
Ok, I actually have this set up as a resource on a page that I have for looking for unusual things. For this to work, the IP would actually have to be "active", ie: not on a shutdown interface I believe. You don't need NCM to do it either, it relies on NPM's discovery of a device. This is a bit rough as I only use it myself (ie: don't publish it to other users on our system) and you WILL see duplicates. That's because you will see it from the perspective of both Node1 having a duplicate IP with Node2, as well as the reverse, Node2 having a duplicate IP with Node1. Haven't figured out a way to get rid of that yet easily. The stuff in the WHERE clause is where I weed out some nodes that I know will have duplicate IP's, like our Riverbeds and such because of the use of internal IP's that are the same on every device, or how all our cisco ASA failover clusters use the same IP's for the link between them rather than unique ones. You can remove this WHERE clause or customize it to your own network as needed.
SELECT I.NodeID, I2.NodeID, I.IPAddress, N.Caption AS Node1, N.DetailsURL AS [_LinkFor_Node1], I2.IPAddress, N2.Caption AS Node2, N2.DetailsURL AS [_LinkFor_Node2]
FROM Orion.NodeIPAddresses I JOIN Orion.NodeIPAddresses I2 ON ((I.IPAddress = I2.IPAddress) AND NOT (I.NodeID = I2.NodeID))
JOIN Orion.Nodes N ON (I.NodeID = N.NodeID)
JOIN Orion.Nodes N2 ON (I2.NodeID = N2.NodeID)
WHERE (NOT(Node1 LIKE '%ASA%') AND NOT(Node2 LIKE '%ASA%'))
AND (NOT(Node1 LIKE '%RVB%') AND NOT(Node2 LIKE '%RVB%'))
ORDER BY I.IPAddress
To add this, create or go to the View on which you want to see it on. I created a new view for mine, but you can put it anywhere. Once there, click on "Customize Page" and click on the green "+" sign to add a new resource to a column. Choose "Custom Query" as the type of resource, and click on "Preview". You should see the "Custom Query" resource, click on the "Edit" button to edit the resource. Set the Title to what you want, maybe "Duplicate IP's", and in the Custom SWQL query box paste it in. I recommend setting the "Number of Rows per Page" to maybe 50 or so?
Hi Craig
Thanks for sharing it's sure find some stuff
I will sure like something from MCM part that take and compare the config text and come with list of interfaces.
/SJA
Well, I doubt the config portion of NCM will ever do that, it doesn't really have any intelligence, at least AFAIK, about things like what IP addresses and such that it sees. ie: It doesn't "learn" them and keep a database of what it sees in a config. It's mainly about the text of the config file and how it might have changed from one revision to the other.
There is an inventory side to NCM that builds a database of different things it gets via SNMP, similar to the NPM side. It doesn't gather this stuff via the config text though. This holds things like arp tables, things about the various chassis and cards and such and yes, even the IP addresses it sees on the devices. However, then you have to make sure the inventory is up to date and it will only do devices in NCM vs. the method I gave should be polled more frequently and I would think might have more devices than your NCM does. But, its possible it might produce the same report. I think it isn't as clean of a query, but here it is using the NCM IP address inventory instead of NPM's...
FROM NCM.IpAddresses I
JOIN NCM.IpAddresses I2 ON ((I.IPAddress = I2.IPAddress) AND NOT (I.NodeID = I2.NodeID))
JOIN Orion.Nodes N ON (I.NodeProperties.CoreNodeID = N.NodeID)
JOIN Orion.Nodes N2 ON (I2.NodeProperties.CoreNodeID = N2.NodeID)
Very close like I said, if it was SQL it would be much more complex in that you would have to join both the NCM.IpAddresses and NCM.NodeProperties table, but there is a inherited property in SWQL that prevents the need from doing that.
You can use Solarwinds IPAM to find duplicate IP address. It comes with a build in alert.
Not 100% sure that will work, using UDT that is. UDT is geared towards learning client IP addresses that are connected to switchports. So I can see a couple problems there, first you would need to manage all your router ports, then it would have to discover the IP of the router itself, not a client connected to the port. Not sure it does that, but typically I don't manage anything but switchports in UDT, so its possible it might.
I'm also thinking that UDT doesn't look for IP address conflicts across your whole network, but instead looks for them within each distinct network.
These pages below explain the process that UDT uses and I think it backs me up in this... However, you never know, it might work. I wouldn't purchase it with the intent of this working, but if someone has it it might be a neat experiment. UDT has never picked up on anything that the queries I wrote have picked up on though.
IP Address Conflicts
IP Address Conflicts Summary View
Craig Norborg wrote:Not 100% sure that will work, using UDT that is.
Craig Norborg wrote:
Not 100% sure that will work, using UDT that is.
As mentioned already, there's a build in alert that comes with UDT called "Alert me when there is a IP Address Conflict based on MAC address." The message it writes to the event log is "The IP address ${IPAddress} is in conflict. <br />The following devices were detected on network with same IP address:<br /> ${IPConflictMsg}"
There is also another way. I use Syslog also to detect duplicate IP addresses. I've written a rule that looks for syslog type pattern of "IP-4-DUPADDR" and when it sees one, it sends me an email with the duplicate IP address issue.
