Want to win a PS4? Go Premium and enter to win our High-Tech Treats giveaway. Enter to Win

x
?
Solved

ARP entries and server/router going awol.

Posted on 2013-01-14
7
Medium Priority
?
367 Views
Last Modified: 2013-05-07
I do some IT support in a local school where quite often the server or the router are no longer pingable, shares disappear and no one can print via the server. This doesn't last but has been wrecking my head for a few weeks.

The arp table on a pc that can no longer communicate with the server or router shows the wrong mac address for the server or router's ip address. On looking up the mac address, the mac address belongs to an Apple or HTC iphone forexample. The school's network is primarily wireless.

Would this be down to the students in  the school assigning the server or router's ip address on their smartphones? Or could it be due to some fault in the unmanaged switches?

Your help is greatly appreciated.

Many thanks in advance,
Enda
0
Comment
Question by:endarona
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
7 Comments
 
LVL 30

Expert Comment

by:IanTh
ID: 38773901
why aren't you using dhcp for wireless thats the normal way
0
 

Author Comment

by:endarona
ID: 38773916
I am using DHCP but I have a suspicion that the students are manaully assigning the ip address of the server or router to their phones. That is my understanding of why the arp table shows an incorrect mac address associated with the server or router's ip address.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38773948
I dont understand how your students are using static tell them its against a policy in force and must use dhcp as they are breaking other essential services like servers shares etc
0
Windows Server 2016: All you need to know

Learn about Hyper-V features that increase functionality and usability of Microsoft Windows Server 2016. Also, throughout this eBook, you’ll find some basic PowerShell examples that will help you leverage the scripts in your environments!

 

Author Comment

by:endarona
ID: 38774171
Without knowing for sure, they are setting manual addresses on their phones to cause as much hassle as possible to the network. Again this is only my opinion but apart from the arp tables and being able to see what manufacturer of smartphone the mac addresses are, i have no way of tracking whose phone the mac addresses belong to.
0
 
LVL 30

Expert Comment

by:IanTh
ID: 38774213
ok I think iphone mac addresses start with 98:fe:94:x:x:x
0
 
LVL 10

Accepted Solution

by:
ddiazp earned 2000 total points
ID: 38780634
If i was you i'd take the more aggressive approach. Chances is this is an intentional attack and i'd act based on that.

2 Things you could do:

1. Grab that mac address you see different, apply a macl, and block that mac address from accessing the network (from wireless server/router/controller).

2. Create static ARP entries to hardcode the mac address of that IP to the mac of the legitimate device. (this may not fully work but it would improve the scenario).
0
 

Author Comment

by:endarona
ID: 38782232
Thanks for the input. Unfortunately the switches are unmanaged. I'm going to go in and try Mike Timmons suggestion as per this link to keep kids smartphones off the wireless network

http://social.technet.microsoft.com/Forums/en/w7itprosecurity/thread/c5900c75-c031-4e02-9350-df7cb65bce04

This all stems from the mess created by Windows 7 showing the wireless key.
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In the world of WAN, QoS is a pretty important topic for most, if not all, networks. Some WAN technologies have QoS mechanisms built in, but others, such as some L2 WAN's, don't have QoS control in the provider cloud.
This article will show how Aten was able to supply easy management and control for Artear's video walls and wide range display configurations of their newsroom.
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…
Michael from AdRem Software explains how to view the most utilized and worst performing nodes in your network, by accessing the Top Charts view in NetCrunch network monitor (https://www.adremsoft.com/). Top Charts is a view in which you can set seve…

598 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question