Resolving ARP IP Conflict on Huawei AR2240 Router by Blocking Conflicting MAC with ACL
The article details a troubleshooting process for a Huawei AR2240 router experiencing external network access issues due to ARP IP conflicts, showing how to identify the conflicting MAC address from trap logs and resolve the problem by creating an ACL to deny the offending MAC on the relevant interface.
The Huawei AR2240 router was unable to access the external network across three subnets. Initial diagnostics using display cpu-defend statistic revealed packet loss, and examining the trap buffer showed multiple ARP IP conflict traps indicating duplicate IP addresses.
ARP tables extracted from the router displayed numerous entries, with the MAC address 0017-59de-b688 appearing repeatedly in the conflict logs, suggesting it was the source of the IP conflict.
Since the conflicting MAC could not be physically located in the network, the recommended remediation was to block the MAC address directly on the AR router using an access control list (ACL).
Configuration steps:
[Huawei]acl number 4444
[Huawei-acl-L2-4444]rule 5 deny l2-protocol arp source-mac 0017-59de-b688
[Huawei]int g0/0/1
[Huawei-GigabitEthernet0/0/1]traffic-filter inbound acl 4444After applying the ACL, the network traffic returned to normal, confirming that the ARP IP conflict was mitigated by filtering the offending MAC address.
This approach demonstrates a practical method for handling ARP spoofing or IP conflict issues in enterprise networks.
Practical DevOps Architecture
Hands‑on DevOps operations using Docker, K8s, Jenkins, and Ansible—empowering ops professionals to grow together through sharing, discussion, knowledge consolidation, and continuous improvement.
How this landed with the community
Was this worth your time?
0 Comments
Thoughtful readers leave field notes, pushback, and hard-won operational detail here.