How do I fix bad MAC address for server in ARP cache?

The Windows 7 machines in my office have been losing connectivity with the server for the last few days.  ChiefIT brilliantly suggested that ARP resolution might be the issue.  Sure enough, when one of my Windows 7 machines can ping the server, the MAC address it has for the server in its ARP cache is correct.  And sure enough, when one of my Windows 7 machines cannot ping the server, the MAC address it has for the server in its ARP cache is wrong.  In fact, the MAC address it shows in the ARP cache is the MAC address for the gateway.  Suggestions on how to fix this?  
jdana Asked:
 
Subhashish Laha Commented:
To remove the bad ARP entry from a server which may be caching bad information (so, not the machine that can't be reached, but the machine that can't do the reaching) you can manually delete the bogus entry out of the ARP cache, where IP address is the IP of the machine which can't be reached. Note this same syntax appears to be valid on both Linux and Windows:

arp -d <ip-address>
 
BCipollone Commented:
I usually use the delete all command

arp -d *
 
jdana Author Commented:
Okay subhashishlaha,

I did a flush (netsh interface ip delete arpcache) on the Windows 7 client and pinged the server again.  The client's ARP cache again filled with MAC address of the gateway instead of the MAC address of the server.  

I then did a flush on both client and server.  This time, the ping from client to server was successful and ping from server to client was successful.  I checked both ARP caches at this point and the values were correct.  

So, did I resolve the issue?  Or is there something else lurking out there that's going to make the issue rear up again?

J
 
Subhashish Laha Commented:
I don't think at this point this should come up again.

If it does in the future, we are here to assist you :)



 
jdana Author Commented:
I flushed the cache on the problem server and computers, and all seemed well for about an hour.  Then inexplicably, the bad MAC addresses started creeping back in.  What is causing this?  Ahhhg!
 
SolracM Commented:
Yes, it will show up again. Deleting the ARP cache only corrects the problem; what caused it is the question. Next time it happens, from the command prompt do a ROUTE PRINT and determine which MAC address is currently routed to the gateway IP address. You can then do a route delete, disable the wrong MAC address in the Device Manager, then flush your ARP cache and do a ROUTE add for the right MAC address. I have experienced this in a server that has 2 Ethernet cards active with both having dynamic IP addressing configured. In a desktop, remember your WIRELESS adapter also has a MAC address.
 
Subhashish Laha Commented:
I would start with the obvious. Disconnect the server from the network and see if you can ping the IP address. It sounds like you have a device on the network with the same IP. I say device because the server is not complaining about it, so whatever has the IP more than likely is not running a standard OS. Possibly a printer or something along those lines.

If you have the address in the DHCP scope, remove it or set a reservation for it to the correct MAC. You will still have to figure out what device has the IP and reboot it for a new lease or manually configure it. I use http://www.coffer.com/mac_find; just put in the bad MAC and it will give you the manufacturer. This will give you a place to start looking.
 
expert_tanmay Commented:
The MAC address for the gateway getting picked can be for two reasons.
1> If your Windows 7 machine does not consider the server to be in the same subnet.
2> There could be a spantree loop back.

Cheers..
 
jdana Author Commented:
Thanks for all the great suggestions.  In the end, it turned out to be our Cisco ASA 5505 firewall.  The ARP proxy functionality was turned on.
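
Added example (not part of the original thread): a Python check over saved Windows `arp -a` output that flags hosts cached with the gateway's MAC, the symptom this thread traced to proxy ARP, and lists entries whose MAC changed between two captures. The sample captures, addresses and function names are constructed for illustration.

```python
import re

# Constructed `arp -a` captures from a Windows client (all addresses made up).
GOOD = """\
Interface: 192.168.1.50 --- 0xb
  Internet Address      Physical Address      Type
  192.168.1.1           00-1a-2b-3c-4d-5e     dynamic
  192.168.1.10          00-11-22-33-44-55     dynamic
  192.168.1.255         ff-ff-ff-ff-ff-ff     static
"""
# Same capture, but the server entry now carries the gateway's MAC.
BAD = GOOD.replace("00-11-22-33-44-55", "00-1A-2B-3C-4D-5E")

IFACE = re.compile(r"^Interface:\s+(\S+)")
ENTRY = re.compile(
    r"^\s*(\d+(?:\.\d+){3})\s+((?:[0-9a-f]{2}-){5}[0-9a-f]{2})\s+\w+\s*$", re.I)

def parse_arp_a(text):
    """Return {(interface_ip, host_ip): mac} with MACs lower-cased."""
    table, iface = {}, None
    for line in text.splitlines():
        if m := IFACE.match(line):
            iface = m.group(1)
        elif (m := ENTRY.match(line)) and iface:
            table[(iface, m.group(1))] = m.group(2).lower()
    return table

def answered_by_gateway(text, gateway_ip):
    """Hosts whose cached MAC equals the gateway's MAC on the same interface."""
    table = parse_arp_a(text)
    return sorted(
        (iface, ip) for (iface, ip), mac in table.items()
        if ip != gateway_ip and mac == table.get((iface, gateway_ip)))

def changed_entries(before, after):
    """Entries in both captures whose MAC differs: (iface, ip, old, new)."""
    old, new = parse_arp_a(before), parse_arp_a(after)
    return sorted((i, ip, old[(i, ip)], mac) for (i, ip), mac in new.items()
                  if (i, ip) in old and old[(i, ip)] != mac)

if __name__ == "__main__":
    for iface, ip in answered_by_gateway(BAD, "192.168.1.1"):
        print(f"{iface}: {ip} is cached with the gateway's MAC")
    for row in changed_entries(GOOD, BAD):
        print("changed:", row)
```

To use it on a real client, save `arp -a` output to a file while the ping works and again while it fails, then pass both texts in place of the constructed samples.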