In many of today's large-scale networks, Internet Protocol (IP) address configuration is usually performed automatically, often by a Dynamic Host Configuration Protocol (DHCP) server. The DHCP server controls the IP addresses of PC host systems on the network, excluding the IP addresses of the gateways of the network. Protocols such as Hot Standby Router Protocol (HSRP) and Virtual Router Redundancy Protocol (VRRP) are used to define a default gateway in a network, while protocols such as Gateway Load Balancing Protocol (GLBP) use a basic load balancing function to balance the workload between multiple gateway routers.
Occasionally, computers or other host devices will have manually configured IP addresses, and will attempt to connect to the network. When this occurs, there are instances where the manually configured IP address associated, for example, with a rogue PC, will be a duplicate of one of the existing gateway IP addresses. In this case, data packets are not forwarded to the intended destination, potentially resulting in a severe problem that disrupts traffic on the network.
Currently, when a problem like this occurs, the only switch to discover the problem is the gateway switch in the distribution layer of the network. However, when the rogue host device is connected to an access layer switch, the access layer switch is where the problem lies and, as such, is where the problem must be fixed. Unfortunately, the distribution layer switch currently only has the ability to send a system log message to the administration reporting a duplicate IP address. This message does not include information on which access switch, or which port on said access switch, the rogue host device is connected to. Therefore, the network administrators must manually trace through the network to find the rogue device before deactivating the port. This is time-consuming and an inefficient way to manage the network.
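The detection and the manual trace described above, written out as an added example that is not part of the original text: it flags a non-gateway MAC address claiming a gateway IP address, then follows MAC address table entries from the distribution switch down to the access switch and port. All switch names, ports, MAC addresses and the topology are constructed for illustration, and the function names are hypothetical.

```python
# Constructed sample data: every name, address and link below is an assumption.
GATEWAYS = {"10.0.0.1": "00:00:0c:07:ac:01"}  # gateway IP -> expected virtual MAC

# ARP claims seen by the distribution-layer gateway switch: (sender IP, sender MAC)
ARP_SEEN = [
    ("10.0.0.1", "00:00:0c:07:ac:01"),   # legitimate gateway
    ("10.0.0.57", "3c:52:82:11:22:33"),  # ordinary DHCP-configured host
    ("10.0.0.1", "f0:de:f1:aa:bb:cc"),   # manually configured host, duplicate of gateway
]

# Per-switch MAC address tables: switch -> {MAC: port the MAC was learned on}
MAC_TABLES = {
    "dist-1": {"3c:52:82:11:22:33": "Te1/0/1", "f0:de:f1:aa:bb:cc": "Te1/0/2"},
    "access-1": {"3c:52:82:11:22:33": "Gi0/5"},
    "access-2": {"f0:de:f1:aa:bb:cc": "Gi0/14"},
}
# Inter-switch links: (switch, port) -> neighbour. Ports not listed are edge ports.
LINKS = {("dist-1", "Te1/0/1"): "access-1", ("dist-1", "Te1/0/2"): "access-2"}


def find_gateway_conflicts(arp_seen, gateways):
    """Return (ip, mac) pairs where a non-gateway MAC claims a gateway IP."""
    return [(ip, mac) for ip, mac in arp_seen
            if ip in gateways and mac.lower() != gateways[ip].lower()]


def trace_to_edge_port(mac, start_switch, mac_tables, links):
    """Follow MAC-table entries hop by hop until the MAC sits on an edge port."""
    switch, visited = start_switch, set()
    while switch not in visited:
        visited.add(switch)
        port = mac_tables.get(switch, {}).get(mac)
        if port is None:
            return None              # entry aged out or never learned here
        neighbour = links.get((switch, port))
        if neighbour is None:
            return (switch, port)    # not an uplink/downlink: host is attached here
        switch = neighbour
    return None                      # inconsistent link data (loop)


def locate_rogue_hosts(arp_seen, gateways, start_switch, mac_tables, links):
    """Attach the access switch and port to each duplicate-gateway-IP finding."""
    return [(ip, mac, trace_to_edge_port(mac, start_switch, mac_tables, links))
            for ip, mac in find_gateway_conflicts(arp_seen, gateways)]


if __name__ == "__main__":
    for finding in locate_rogue_hosts(ARP_SEEN, GATEWAYS, "dist-1", MAC_TABLES, LINKS):
        print(finding)
```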