- DHCP
- Networking
Who has IP? Tell IP
Receiving a ton of "who has 10.0.30.30? Tell 10.0.30.1"
30.1 gateway
30.30 first IP in dhcp pool.
IP has not been assigned in scope (its available).
Wireshark showing broadcast source of gateway SG300-52P.
However SG300-52P arp table has no reference (guess that's obvious from the packet info).
Not sure how to find where this request is coming from and/or how to turn it off.
30.1 gateway
30.30 first IP in dhcp pool.
IP has not been assigned in scope (its available).
Wireshark showing broadcast source of gateway SG300-52P.
However SG300-52P arp table has no reference (guess that's obvious from the packet info).
Not sure how to find where this request is coming from and/or how to turn it off.
Receiving a ton of "who has 10.0.30.30? Tell 10.0.30.1"
I'm not quite sure what that might be. Could you expand on the specifics of the situation?
I'm not quite sure what that might be. Could you expand on the specifics of the situation?
Some system tries to access the 10.0.30.30 through the router.
So the router tries to find the MAC address for this system ==> ARP requests.
It has nothing to do with the DHCP as such.
Is there a port forwarding on the SG300-52P? any other special thing configured? around ip address 10.0.30.30?
Running Wireshark for an unrelated analysis. Noticed that almost 25% of my packets analyzed show
Destination: Broadcast
Protocol: ARP
Length: 60
Info: Who has 10.0.30.30? Tell 10.0.30.1
So it looks to me like something on my network is trying to find 10.0.30.30.
However, I have no devices registered with this IP. Possibly at some point I did since its the first IP in the scope.
Just trying to figure out where this is coming from and how to make it stop.
Destination: Broadcast
Protocol: ARP
Length: 60
Info: Who has 10.0.30.30? Tell 10.0.30.1
So it looks to me like something on my network is trying to find 10.0.30.30.
However, I have no devices registered with this IP. Possibly at some point I did since its the first IP in the scope.
Just trying to figure out where this is coming from and how to make it stop.
If someone tries to reach (or ping) 10.0.30.30, the gateway's job is to find a way to that address.
So it sends broadcasts (ARP requests) to get the MAC address for 10.0.30.30.
As log as no one use this address, nobody can make an entry to his arp-table.
noci,
I have static routes in my ASA to vlan 10.0.30.0 and on the switch.
But nothing specifically routed to 30.30. since its in my dhcp scope.
Something had that address in the past. But not in a long while.
Dirk,
the way you describe it is what has me puzzled. no one should be trying to reach it.
but something seems to be looking for it.
I'm just trying to eliminate unnecessary chatter on the network
I have static routes in my ASA to vlan 10.0.30.0 and on the switch.
But nothing specifically routed to 30.30. since its in my dhcp scope.
Something had that address in the past. But not in a long while.
Dirk,
the way you describe it is what has me puzzled. no one should be trying to reach it.
but something seems to be looking for it.
I'm just trying to eliminate unnecessary chatter on the network
@Dirk that is only if the traffic goes through the router. Not if it another system on the LAN.
The ARP table should show an unresolved ARP entry... (hw address mentioning incomplete ..)
@ShawnGray
No ALG active? no proxies? Is the running config the same as the stored config?...
If there is a DHCP request from a system it may try to do a reachability check.. for the proposed address. That involves a least ARP.
Then there should be a system receiving that address shortly after it.
You may need a better picture by sampling a copy of all traffic to your SG300-52P
i would use a notebook with wireshark, configure the NB with 10.0.30.30 and look which traffic tries to reach this system.
A guess for the reason as you're mentioned DHCP:
To high values for lease duration, incorrect DNS TTL? So that one device thinks the name it wants to resolve is still at 30.30, but your gateway doesn't know it, cause that device has already a new IP?
So in addition to the other answers: You should look at your gateway to identify who wants to reach 30.30. Then flush the DNS cache on that machine or its upstream DNS cache.
To high values for lease duration, incorrect DNS TTL? So that one device thinks the name it wants to resolve is still at 30.30, but your gateway doesn't know it, cause that device has already a new IP?
So in addition to the other answers: You should look at your gateway to identify who wants to reach 30.30. Then flush the DNS cache on that machine or its upstream DNS cache.
Explore More Content
Explore More ContentExplore courses, solutions, and other research materials related to this topic.
-
![]()
received a Solution
DHCP handing out incorrect IP addresses -
![]()
wrote an Article
![]()
An Overview of DHCP
-
![]()
created a Video
![]()
Free upgrade of Nuance PaperPort Professional 14.5 to Kofax PaperPort Professional 14.7
-
Explore Cloud Class® ![]()
Certification: CCNP Cisco Certified Network Professional - Troubleshooting and Maintaining Cisco IP Networks
