Bad arp entry help

Posted on 2014-09-09
Last Modified: 2014-09-15
Hello EE,

One server "storage" gets a bad arp entry in the local arp cache for all users on the network and therefore users cannot connect . Once I delete the arp entry locally on a client pc for "storage" , then receive the correct ip to mac entry it works . The "bad mac" entry for storage  appears to be the cisco pix, I cleared the arp cache there as it did have a bad entry for "storage" . The pix arp cache is correct, however, users still receive a bad arp entry for "storage" , again, it is the cisco pix mac address. So again , have to use arp -d and the storage ip to get it to work again .

Any ideas?
Question by:davesnb
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 4
  • 3
LVL 32

Expert Comment

ID: 40314388
Do they share the same IP address? By bad you mean its not the mac of the storage device but the MAC of the PIX.

harbor235 ;}

Author Comment

ID: 40314408
There is no ip conflicts on the network . There is an incorrect arp entry that occurs locally on al client pcs , the mac address is the mac address which is  the pix , when it should be the mac address of storage box. This results in users unable to connect to storage box.
LVL 32

Accepted Solution

harbor235 earned 500 total points
ID: 40314566
So I assume the default gateway is the PIX? in that case your arp tables should have an entry for the PIX. That being said
is the default GW IP associated with the bad entry?

Can you post your arp table (arp -a) and the result of "netstat -rn" for UNIX or route print on windows

harbor235 ;}
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

LVL 32

Expert Comment

ID: 40314580
The other possibility is malicious code being executed by some system on your network to redirect traffic. I would put a sniffer on the network and locate the source of the bad arp entries if my other questions are not applicable.

harbor235 ;}
LVL 79

Expert Comment

ID: 40320815
Disable proxyarp in the pix inside interface

Author Comment

ID: 40321033
Ok will try those suggestions thanks

Author Comment

ID: 40323207
By unteaming the nics on the "storage" box and using the good nic as per the arp table when connections were successful , this seems to have resolved the issue.

Author Closing Comment

ID: 40323210
Arp table was useful in tracking down the  problematic nic card .

Featured Post

Optimize your web performance

What's in the eBook?
- Full list of reasons for poor performance
- Ultimate measures to speed things up
- Primary web monitoring types
- KPIs you should be monitoring in order to increase your ROI

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Let’s face it: one of the reasons your organization chose a SaaS solution (whether Microsoft Dynamics 365, Netsuite or SAP) is that it is subscription-based. The upkeep is done. Or so you think.
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Suggested Courses

622 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question