[nsp] ARP errors!!!!

Cougar cougar at random.ee
Tue May 25 13:47:42 EDT 2004


On Tue, 25 May 2004 james at thehamptonfamily.us wrote:

> My router is suddenly entering into its arp table address from other
> subnets that it has no interfaces in.
> 
> TLTOLOH-6400-0-NRP1#show ip arp
> Protocol  Address          Age (min)  Hardware Addr   Type   Interface
> Internet  209.45.x.2x          0   0003.fed5.8000  ARPA   FastEthernet0/0/0
[----]
> May 25 12:37:48: IP ARP: rcvd req src 64.254.b.x 0003.fed5.8000, dst
> 64.254.b.y FastEthernet0/0/0

This is how Cisco behaves. It enters MAC immediately to ARP table if it 
gets ARP request from this MAC and gets IP address from that packet.

In your case there may be some shared medium (ethernet with more than one
subnet) or some router does proxy ARP or something like that. It is even
possible that some node on that ethernet forges packets but if these MACs 
really exist somwhere else then it should be proxy ARP.

I have used this 'feature' to switch over IP address from one server to
another in HA environment using send_arp program by Yuri Volobuev :-)

---
Cougar


More information about the cisco-nsp mailing list