Jump to content
Welcome to our new Citrix community!

VPX HA Setup - IP Conflict passive node

Luca Ferraro

Recommended Posts

Hi all, 


We have a 2 node HA setup and everything is working fine so far. The nodes are setup as 2 arm deployment with an additional dedicated nic for management access. So in total 3 nics.

The nodes didnt have internet access except the VIP from the gatway was reacheable.


Since january 2021 i configured OTP push therefore our networking team enabled webaccess for my external SNIP. I think, since then I see the following entries in my syslog: 02/01/2021:14:32:52 GMT vpx02 0-PPE-0 : default SNMP TRAP_SENT 0 0 : ipConflict (ipConflictAddr =, ipConflictMacAddr = "our:mac:address", nsPartitionName = default)


The conflicting mac address is from the hyper v host, on which the standby vpx node is running. On the vpx itself it shows everything right with active/passive.

Also each network adapter is bound to the correct vlan and corresponding subnet ip.



Here are the networking parts from the vpx config:



#NS13.0 Build 67.39
# Last modified Fri Jan 29 11:48:21 2021
set ns config -IPAddress -netmask
set ns config -nsvlan 1 -ifnum 0/1 -tagged NO


set interface 0/1 -autoneg DISABLED -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "Hyper v" -ifnum 0/1
set interface 1/1 -autoneg DISABLED -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "Hyper v" -ifnum 1/1
set interface 1/2 -autoneg DISABLED -haMonitor OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype "Hyper v" -ifnum 1/2
set interface LO/1 -haMonitor OFF -haHeartbeat OFF -throughput 0 -bandwidthHigh 0 -bandwidthNormal 0 -intftype Loopback -ifnum LO/1

add vlan 1
add vlan 2 -aliasName CTXOutside

add vlan 3 -aliasName CTXInside


add ns ip -type NSIP -vServer DISABLED -gui SECUREONLY -mgmtAccess ENABLED -dynamicRouting ENABLED


add ns ip -type VIP -snmp DISABLED
add ns ip -vServer DISABLED

add ns ip -type VIP -snmp DISABLED
add ns ip -vServer DISABLED -telnet DISABLED -ftp DISABLED -gui SECUREONLY -snmp DISABLED -mgmtAccess ENABLED

bind vlan 2 -ifnum 1/1
bind vlan 2 -IPAddress
bind vlan 3 -ifnum 1/2
bind vlan 3 -IPAddress


The ip's and vlans are changed up.


Is this maybe a bug or a missconfiguration on the firewall? 


Many thanks and kind regards





Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
  • Create New...