Symptom
When a user misconfigures a VM to have the same IP as the SVI IP address on a BD, there is no syslog message and/or SNMP trap generated even though EPM/EPMC appears to discard the learn event.
The ability to alert the user to this is a standard feature of every IOS/NX-OS version starting with 10.x.
E.g.
//
Oct 17 15:56:08.379 IND: %HSRP-4-DUPADDR: Duplicate address 10.8.51.253 on Vlan100, sourced by 0000.0237.1101
//
It would be good to alert network operators to situations where VM's are hijacking the GW IP address even if we don't learn the EP in the fabric.
Further Problem Description
Possible enhancements:
1) Show which EPG, MAC address, Encap VLAN ID and physical port(or VPC port-channel) are being used by the rogue VM
2) Raise a critical fault on ACI against the BD and all EPG's that the said BD is associated with
