Solved

Windows 2003 ARP cache contains default gateway MAC for all IPs

Posted on 2013-01-30
Last Modified: 2013-02-20
Windows 2003 server with assigned static IP and default GW is unable to route directly to other servers on the exact same subnet / IP range. All Tracert results always use the Default GW as the 1st hop then the destination on the 2nd when the expected behavior should be a direct find on the 1st.

The ARP cache contains entries for all IPs, but the corresponding MAC is always the MAC for the default GW.

The contents of the ARP cache updates dynamically - no static entries

As you can see from the screenshot, ARP -a shows no entry for 10.2.171.10.
The tracert performed directly after finds 10.2.171.10 on the very first hop.
Immediately after the tracert, ARP -a shows the entry in the ARP table but with the GW MAC.
The next tracert then goes via the GW, unlike the previous trace, which went directly on the 1st hop.

I've tried a static route in the routing table - this doesn't help.
I've also disabled dynamic update of ARP - not quite sure if that worked.
I've also tried entering a manual entry in the ARP table with the IP / MAC, but this causes the trace route to fail.

The servers are all on the same address subnet plugged into a switch which acts as the GW (10.2.171.254)
As all servers are on the same broadcast network surely they should be reached on the 1st hop.
Not sure why the ARP entries contain the MAC of the GW

Any idea on how I can resolve this so all traffic would go directly to the specific IP / MAC rather than via the GW?

MAC of the default GW in this case ends in d8
You would notice in the screen grab that 10.2.171.40 has a MAC entry which isn't the gateway. I have no idea why this is - I've confirmed that the TCP/IP config on this Windows server is exactly the same as the other servers.
ARP.PNG
Question by:Eric
LVL 20

Expert Comment

by:agonza07
ID: 38836619
Send a screenshot of "ipconfig /all" from that server.
 

Author Comment

by:Eric
ID: 38838936
Thanks, please find attached - ipconfig
IPCONFG.PNG
 
LVL 20

Expert Comment

by:agonza07
ID: 38848020
That is weird.

What kind of switch are you using?

Also, please verify the subnet masks of your other servers, just to make sure they are on the same subnet.

Finally, can you ping the other servers when you manually put in an arp entry?
LVL 10

Expert Comment

by:mat1458
ID: 38848465
Your default gateway issues some weird kind of proxy arp. You should either disable this function in the gateway if you can live without it or go into the bug list of the device to find out why it proxies local arp requests. What brand/type of device is your default gateway?
 

Author Comment

by:Eric
ID: 38888413
Hi agonza07, the switches are Dell 6224 with VLAN routing. The switch stack is the default GW for all the VLANs, although that should not affect things as the route I need is within a single VLAN. I have verified all subnet masks are the same. Ping doesn't work if I add static ARP to the servers.
 
LVL 10

Accepted Solution

by:
mat1458 earned 1980 total points
ID: 38893323
Can you do a "show ip interface vlan x" for the specific VLAN and post the output? Especially interesting would be the setting of ip local proxy-arp. I see that there is such a feature in your Dell switch, however apart from monitoring traffic I do not yet see a reason to use it. In the manual I have not found any explanation on how to switch it on or off but I'd try a "no ip proxy-arp local" on the VLAN interface.
 

Author Comment

by:Eric
ID: 38908594
Hi

This is the output from show ip:

Routing Interface Status....................... Up
Primary IP Address............................. 10.2.171.254/255.255.255.0
Routing Mode................................... Enable
Administrative Mode............................ Enable
Forward Net Directed Broadcasts................ Disable
Proxy ARP...................................... Enable
Local Proxy ARP................................ Enable
Active State................................... Active
MAC Address.................................... 0023.AEC4.D9D8
Encapsulation Type............................. Ethernet
IP MTU......................................... 1500
Bandwidth...................................... 10000 kbps
Destination Unreachables....................... Enabled
ICMP Redirects................................. Enabled

ip local proxy-arp is now off and tracert produces the same result with the extra entry of the switch.
 

Author Closing Comment

by:Eric
ID: 38909238
Thank you to all who helped with this. The answer was in the local proxy-arp; turning it off didn't have an immediate effect, hence the response, but later the cache must have cleared and all is working correctly now. Again, thanks for the help.
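
A check for the symptom discussed in this thread, as an added example that is not part of the original posts: it parses `arp -a` output and lists on-link addresses whose cached MAC is the gateway's. The sample listing, the host address 10.2.171.20, the 10.2.171.11 row and the non-gateway MAC are constructed; only the gateway address, mask and MAC are taken from the thread.

```python
import ipaddress
import re

# Constructed sample of Windows "arp -a" output (not the poster's screenshot).
SAMPLE_ARP = """\
Interface: 10.2.171.20 --- 0x10003
  Internet Address      Physical Address      Type
  10.2.171.10           00-23-ae-c4-d9-d8     dynamic
  10.2.171.11           00-23-ae-c4-d9-d8     dynamic
  10.2.171.40           00-1e-c9-11-22-33     dynamic
  10.2.171.254          00-23-ae-c4-d9-d8     dynamic
"""

# One table row: IPv4 address, MAC in any common notation, entry type.
ROW = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+([0-9A-Fa-f.:-]{12,17})\s+(\w+)\s*$")


def norm_mac(mac):
    """Reduce 00-23-ae-.., 00:23:ae:.. and 0023.AEC4.D9D8 to 12 lowercase hex digits."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits


def parse_arp(text):
    """Return {ip: (mac, type)} for every row of an arp -a listing."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            table[ipaddress.ip_address(m.group(1))] = (norm_mac(m.group(2)), m.group(3))
    return table


def proxied_neighbors(text, gateway_ip, netmask, gateway_mac=None):
    """On-link IPs (other than the gateway) that resolve to the gateway's MAC."""
    table = parse_arp(text)
    gw = ipaddress.ip_address(gateway_ip)
    net = ipaddress.ip_network(f"{gateway_ip}/{netmask}", strict=False)
    if gateway_mac is None:
        # Fall back to the cache itself; fails loudly if the gateway is absent.
        if gw not in table:
            raise LookupError("gateway not in ARP cache; pass gateway_mac")
        gateway_mac = table[gw][0]
    gw_mac = norm_mac(gateway_mac)
    hits = [ip for ip, (mac, _) in table.items()
            if ip in net and ip != gw and mac == gw_mac]
    return [str(ip) for ip in sorted(hits)]


if __name__ == "__main__":
    for ip in proxied_neighbors(SAMPLE_ARP, "10.2.171.254", "255.255.255.0", "0023.AEC4.D9D8"):
        print(f"{ip} is on-link but resolves to the gateway MAC")
```

Many on-link IPs sharing one MAC is also the pattern an ARP cache poisoning monitor alerts on, so compare the shared MAC against the gateway's own interface output before attributing it to proxy ARP.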