A DUPLICATE IP alarm on Versa VOS (Versa Operating System) indicates that the device has detected that the same IP address is being claimed by two different MAC addresses on the network. This creates a conflict that can cause network instability and connectivity issues. 
How ARP works
To understand the problem, it's helpful to remember how the Address Resolution Protocol (ARP) normally functions:
  1. ARP Request: When a device (Device A) needs to send data to another device (Device B) on the same local network, it sends an ARP request broadcast asking, "Who has this IP address?".
  2. ARP Reply: The device with that IP address (Device B) sends an ARP reply back to Device A, stating, "I have that IP address, and here is my MAC address".
  3. ARP Cache: Device A then stores the IP-to-MAC address mapping in its local ARP cache for future use. 
Causes of a DUPLICATE ARP alarm
A DUPLICATE ARP alarm is triggered when the Versa device sees conflicting ARP replies for the same IP address. Common causes include:
  • Duplicate IP address assignment: A device on the network has been manually or automatically configured with an IP address that is already in use by another device.
  • Failed hardware: A network device, such as a router or switch, has malfunctioned and is improperly sending ARP replies.
  • Misconfigured network: Issues can arise from improper network setup, especially with redundancy features. For example, some Active/Active first-hop redundancy protocols can cause conflicting ARP replies in specific circumstances.
  • ARP spoofing or cache poisoning: This is a malicious attack where a compromised device sends falsified ARP messages over the LAN, associating the attacker's MAC address with the IP address of another device. The attacker intercepts traffic meant for the legitimate device, causing a "duplicate ARP" warning.
  • Flapping interfaces: A network interface on a device that is rapidly going up and down can cause conflicting ARP information to be broadcast, leading to duplicate alarms. 
Troubleshooting the alarm
To resolve a DUPLICATE ARP alarm, you can take these steps:
  1. Isolate the conflicting devices. Use the Versa VOS CLI to find out which interfaces and MAC addresses are involved in the duplicate ARP issue.
  2. Run packet captures. Perform a packet capture (monitor > Packet Capture) on the affected interface to analyze the ARP exchanges and confirm that conflicting replies are being received.
  3. Check IP assignments. Verify the IP address assignments on your network. Check if any static IP addresses conflict with the DHCP pool or with another statically assigned device.
  4. Investigate the source MAC addresses. Use the MAC address from the conflicting ARP entries to identify the device. You can look up the MAC address vendor and trace the port on your switches to find the physical device.
  5. Restart network devices. Rebooting the PCs or network devices involved in the conflict can sometimes clear a bad ARP cache and resolve the problem.
  6. Scan for malicious activity. If the cause is not an obvious configuration error, perform a security scan on devices in the network, as the alarm could indicate an ARP cache poisoning attack.