Bad MAC addresses are sneaking into the network ARP caches
The Windows 7 machines in my office have been losing connectivity with the server for the last few days. In an effort to resolve the issue, I ran an ARP flush on all Windows 7 clients and the server. Initially, all seemed well. MAC addresses were correct, and all Windows 7 machines could ping the server (and vice-versa). Ten minutes ago, I tried to ping the server again from one of the Windows 7 machines and it failed. Sure enough, a bad MAC address had snuck back into the laptop's ARP cache.
Something evil out there in the network is causing this ARP cache corruption. What are my prime suspects?
J
Something evil out there in the network is causing this ARP cache corruption. What are my prime suspects?
J
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
BCipollone
Network Monitor: http://www.microsoft.com/downloads/en/details.aspx?FamilyID=983b941d-06cb-4658-b7f6-3088333d062f&displaylang=en
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Hello jdana,
I think you have already posted this issue on another thread. Below is my recommendation for you. I have updated same on another thread too. Do let me know your findings?
I would start with the obvious. Disconnect the server from the network and see if you can ping the IP address. It sounds like you have a device on the network with the same IP. I say device because the server is not complaining about it so what ever has the IP more than likely is not running a standard OS. Possibly a printer or something along those lines.
If you have the address in the DHCP scope, remove it or set a reservation for it to the correct MAC. You will still have to figure out what device has the IP and reboot it for a new lease or manually configure it. I use http://www.coffer.com/mac_find just put in the bad MAC and it will give you the manufacturer. This will give you a place to start looking.
I think you have already posted this issue on another thread. Below is my recommendation for you. I have updated same on another thread too. Do let me know your findings?
I would start with the obvious. Disconnect the server from the network and see if you can ping the IP address. It sounds like you have a device on the network with the same IP. I say device because the server is not complaining about it so what ever has the IP more than likely is not running a standard OS. Possibly a printer or something along those lines.
If you have the address in the DHCP scope, remove it or set a reservation for it to the correct MAC. You will still have to figure out what device has the IP and reboot it for a new lease or manually configure it. I use http://www.coffer.com/mac_find just put in the bad MAC and it will give you the manufacturer. This will give you a place to start looking.
if it is using broadcom network adapter there is a problem with the driver see a detailed explanation here
ASKER
BCipollone and lrmoore,
You nailed it! The ARP Proxy Cisco ASA 5505 connected to the subnet was ON! After disabling it, all was well.
You nailed it! The ARP Proxy Cisco ASA 5505 connected to the subnet was ON! After disabling it, all was well.