Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

Bad arp entry help

Posted on 2014-09-09
8
Medium Priority
?
340 Views
Last Modified: 2014-09-15
Hello EE,

One server "storage" gets a bad arp entry in the local arp cache for all users on the network and therefore users cannot connect . Once I delete the arp entry locally on a client pc for "storage" , then receive the correct ip to mac entry it works . The "bad mac" entry for storage  appears to be the cisco pix, I cleared the arp cache there as it did have a bad entry for "storage" . The pix arp cache is correct, however, users still receive a bad arp entry for "storage" , again, it is the cisco pix mac address. So again , have to use arp -d and the storage ip to get it to work again .

Any ideas?
0
Comment
Question by:davesnb
  • 4
  • 3
8 Comments
 
LVL 32

Expert Comment

by:harbor235
ID: 40314388
Do they share the same IP address? By bad you mean its not the mac of the storage device but the MAC of the PIX.

harbor235 ;}
0
 

Author Comment

by:davesnb
ID: 40314408
There is no ip conflicts on the network . There is an incorrect arp entry that occurs locally on al client pcs , the mac address is the mac address which is  the pix , when it should be the mac address of storage box. This results in users unable to connect to storage box.
0
 
LVL 32

Accepted Solution

by:
harbor235 earned 1500 total points
ID: 40314566
So I assume the default gateway is the PIX? in that case your arp tables should have an entry for the PIX. That being said
is the default GW IP associated with the bad entry?

Can you post your arp table (arp -a) and the result of "netstat -rn" for UNIX or route print on windows


harbor235 ;}
0
Identify and Prevent Potential Cyber-threats

Become the white hat who helps safeguard our interconnected world. Transform your career future by earning your MS in Cybersecurity. WGU’s MSCSIA degree program was designed in collaboration with national intelligence organizations and IT industry leaders.

 
LVL 32

Expert Comment

by:harbor235
ID: 40314580
The other possibility is malicious code being executed by some system on your network to redirect traffic. I would put a sniffer on the network and locate the source of the bad arp entries if my other questions are not applicable.


harbor235 ;}
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 40320815
Disable proxyarp in the pix inside interface
0
 

Author Comment

by:davesnb
ID: 40321033
Ok will try those suggestions thanks
0
 

Author Comment

by:davesnb
ID: 40323207
By unteaming the nics on the "storage" box and using the good nic as per the arp table when connections were successful , this seems to have resolved the issue.
0
 

Author Closing Comment

by:davesnb
ID: 40323210
Arp table was useful in tracking down the  problematic nic card .
0

Featured Post

VIDEO: THE CONCERTO CLOUD FOR HEALTHCARE

Modern healthcare requires a modern cloud. View this brief video to understand how the Concerto Cloud for Healthcare can help your organization.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
There’s a movement in Information Technology (IT), and while it’s hard to define, it is gaining momentum. Some call it “stream-lined IT;” others call it “thin-model IT.”
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…
Suggested Courses

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question