1. Home
  2. Cisco Certification
  3. HELP on ARP flooding

HELP on ARP flooding

Hello everybody ... i don't know if it is a really problem but i post my question :

I Have a CISCO 3640. On an Ethernet interface i have a simply hub connected and other routers connected on this switch on the same VLAN (everybody see everybody ).

If i Sniff on the lan, my main router sends ARP broadcasts and demand for each IP address of my network .. I dont' have any soft behind this router who polls the lan .. this ARP requests seems to be produced only by the router .. so .. my other routers are behind low rate links and this ARP fllood takes me so much bandwitch ...

Can anybody explain me if it's normal that my router polls my entire LAN flooding me with ARP requests ??

Thnk you for your responses .. I Hope my english is correct .. Diego - Marseille -France

Reply to
-------------------
Loading thread data ...

ARP requests are supposed to flood the entire VLAN. If you have a large number of devices connected to VLAN 1 then broadcast traffic will consume a sizeable chunk of bandwidth.

A few options to reduce the effects are to add more VLANs, increase the bandwidth, or remember ARP entries for longer.

Use the IOS ARP show and debug commands.

Odd... servers and workstations usually produce some requests, too.

Reply to
hb350001

a écrit dans le message de news: snipped-for-privacy@4ax.com...

OK .. thanks for these advices .. i know that ARP floods entire VLAN,because a VLAN is a broadcast domain no ? ;-) But what i don't understand is that the router begans arp request from ( for example)

192.168.01, 2,3,4,5,6,7, etc ... to the entire subnet .. This arp flood is not normal you confirm ? I'll debug ARP to see what happened .. Thank you again
Reply to
-------------------

Check to see if there is a default route pointing towards the physical interface, and if so, change it to point towards the next hop address.

Reply to
John Agosta

OK .. i found the origin of the proble but i still don't explain it .. :-(( I had a secondary interface configured on this interface ( 192.168.10.254/24 and 192.168.20.254/24 on secondary).. When i delete secondary interface, ARP requests stops .... but before stoping, the ARP requests were polling all the 2 subnets ... not only the second ..

I have no idea about the reason of this ARP request flooding ..

"John Agosta" a écrit dans le message de news: snipped-for-privacy@wideopenwest.com...

Reply to
-------------------

This WOULD be normal if a PC on your network (not the router itself) was doing a scan of then network you are sniffing on. In this case, the packets would be comming from your router - on Layer

2, but from a different device on Layer 3. It would be helpfull to post the decode of a couple of the ARP's that you've captured.

J.Cottingim

Reply to
jcottingim

OK .. i found the origin of the proble but i still don't explain it .. :-(( I had a secondary interface configured on this interface ( 192.168.10.254/24 and 192.168.20.254/24 on secondary).. When i delete secondary interface, ARP requests stops .... but before stoping, the ARP requests were polling all the 2 subnets ... not only the second ..

I have no idea about the reason of this ARP request flooding ..

"John Agosta" a écrit dans le message de news: snipped-for-privacy@wideopenwest.com...

Reply to
-------------------

one more thought.

The network scan I spoke about could be any of several things. HP OpenView (in network discovery) SNMPc (in network discovery) Someone using NMAP to do a host/network discovery.

bottom line... post the decode of the ARP.

Reply to
jcottingim

Reply to
hb350001

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.