I’ve been seeing this error pop up on many Windows desktop clients:

cisco error message

The system detects an address conflict for the IP address 0.0.0.0 in a system that has network hardware address Ed-Ef-A9-B8-CC-2E. Network operations on this system may experience disruption as a result. MAC will vary.

After some research I found a Cisco support document.

To give some highlights:

Cisco IOS® uses the Address Resolution Protocol (ARP) Probe sourced from an address of 0.0.0.0 in order to maintain the IP device-tracking cache when IP device tracking and a feature that uses it is enabled (such as 802.1x) on a Cisco IOS switch.

If the switch sends out an ARP Probe for the client while the Microsoft Windows PC is in its duplicate-address detection phase, Microsoft Windows detects the probe as a duplicate IP address and presents the user with a message that a duplicate IP address was found on the network for 0.0.0.0

So we now know the issue is with IP Device tracking, but what the heck does this do? IP Device tracking keeps an active list of devices that are connected VIA ARP. The function has as Cisco put it “Always been around”, is extremely beneficial when using MAC ACLs or using 802.1x. Recently it has really been used with Network Mobility Services Protocol (NMSP), this feature manages communication between the mobility service engine and the wireless controller in newer switches.

So how does it work? When it detects a link, it sends unicast Address Resolution Protocol (ARP) probe with a default interval of 30 seconds. These probes are sent to the MAC address of the host connected on the other side of the link, and use Layer 2 (L2) as the default source the MAC address of the physical interface out of which the ARP goes and a sender IP address of 0.0.0.0 — Bingo, that’s how that default IP pops up.

So how do you remove device tracking? Easy, right? Oh, the “no IP device tracking” command gives an error in certain firmwares. Firmware 03.02.02.SE and below throw the error:

% IP device tracking is disabled at the interface level by removing the relevant configs

So, you could upgrade to 3.3 and then use the no IP device tracking command, or if you cannot upgrade, disable all the features of IP device tracking. Here’s how to do that:

Under each interface use commands:

nmsp attach suppress

no ip device-tracking max

I would recommend using a range command to get all the ports at once. This fixed the issue for me.

Let me know if you have any questions by sending us an email or giving us a call at 502-240-0404!