The DAD Check

The DAD feature checks IP addresses by sending an ARP request to each IP address it checks. The source IP address in the ARP request is 0, and the destination IP address is the IP address being checked. If another device replies to the ARP request, a duplicate IP address is detected.

The DAD check is repeated a configurable number of times for each IP interface. During the IPv4 DAD check, the status for an interface under test is tentative, and this status is shown with the T flag when the show ip dad command is entered. The DAD check is very fast, so it might be hard to view the tentative state for an address. If the address had previously been marked duplicate, the status remains duplicate while the DAD check runs. If no duplicate address is detected when the DAD check runs at interface startup, the interface IP address is declared valid.

If the DAD check feature is not enabled at startup, you can enable it after startup with a CLI command. Once the feature is enabled at the switch prompt, a DAD check runs on all IP interfaces when you enter the run ip dad command, and it runs automatically on a single interface when that interface is initialized.

Note

When you enable the DAD feature at the CLI prompt, no DAD check is performed until you enter the run ip dad command or an interface is initialized.

An interface initialization can be triggered by enabling a disabled VLAN that has an IP configuration, or you can initialize an interface by adding an IP address to a VLAN and enabling IP forwarding. The DAD check runs only on the interface being initialized, and it does not run again until another interface is initialized.

When a duplicate IP address is detected, an EMS (Event Management System) event is generated and the IP address is marked as follows:
  • Valid—The interface remains valid if it was marked valid as a result of a previous DAD check. This treatment prevents the switch from disabling an interface that was working and now has an address conflict with another device.

  • Duplicate—The duplicate IP address is disabled and cannot be used by switch processes. This treatment is appropriate for an interface that is just joining a network and should not conflict with pre-established services.

You can use the show ip dad command to display duplicate IP addresses, which are marked with the D flag.
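
The probe format and the valid/duplicate marking rule described above, as an added Python sketch (not the switch's own code). The function names, MAC addresses and the checked address are constructed for illustration, and None stands for an interface with no earlier DAD result.

```python
import socket
import struct

ARP_REQUEST, ARP_REPLY = 1, 2
BROADCAST, ZERO_MAC = b"\xff" * 6, b"\x00" * 6

def arp_frame(dst_mac, src_mac, oper, sender_ip, target_mac, target_ip):
    """Ethernet II header (EtherType 0x0806) plus a 28-byte IPv4-over-Ethernet ARP body."""
    eth = dst_mac + src_mac + struct.pack("!H", 0x0806)
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, oper)
    return (eth + arp + src_mac + socket.inet_aton(sender_ip)
            + target_mac + socket.inet_aton(target_ip))

def build_probe(our_mac, checked_ip):
    """DAD probe: ARP request with source IP 0 and the checked address as destination IP."""
    return arp_frame(BROADCAST, our_mac, ARP_REQUEST, "0.0.0.0", ZERO_MAC, checked_ip)

def is_conflict(frame, our_mac, checked_ip):
    """True when another device answers the probe, claiming checked_ip as its own."""
    if len(frame) < 42 or frame[12:14] != b"\x08\x06":
        return False                      # truncated frame or not ARP
    if struct.unpack("!HHBBH", frame[14:22]) != (1, 0x0800, 6, 4, ARP_REPLY):
        return False                      # not an IPv4-over-Ethernet ARP reply
    sender_mac, sender_ip = frame[22:28], frame[28:32]
    return sender_mac != our_mac and sender_ip == socket.inet_aton(checked_ip)

def dad_result(previous, frames, our_mac, checked_ip):
    """Return (status, event) after applying the marking rule to frames seen during the check."""
    if not any(is_conflict(f, our_mac, checked_ip) for f in frames):
        return "valid", False
    # Conflict: an event is raised; a previously valid interface is left in service.
    return ("valid" if previous == "valid" else "duplicate"), True

# Constructed sample data: locally administered MACs and a private test address.
OUR_MAC = bytes.fromhex("020000000001")
OTHER_MAC = bytes.fromhex("020000000002")
CHECKED_IP = "10.0.0.5"
REPLY = arp_frame(OUR_MAC, OTHER_MAC, ARP_REPLY, CHECKED_IP, OUR_MAC, "0.0.0.0")

if __name__ == "__main__":
    probe = build_probe(OUR_MAC, CHECKED_IP)
    print("probe sender IP:", socket.inet_ntoa(probe[28:32]))
    for prev in (None, "valid", "duplicate"):
        print(prev, "->", dad_result(prev, [REPLY], OUR_MAC, CHECKED_IP))
```

A previously valid interface returns ("valid", True): the conflict is still reported as an event, which is the case to alert on because the address stays in service while another device claims it.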