ARP Poisoning?

OK, I have a very strange problem that I will attempt to outline. Here is the situation:

I have a DHCP server that exists on about 10 inside VLANs. It is trunked into all VLANs that it services, with different scopes assigned for each VLAN.

What is happening is that every day a few users (there is no pattern) will complain of not being able to get to the internet or email. They can ping everything on their VLAN and even things on other internal VLANs. The problem is getting across the ASA (it is a 5540). The Exchange server sits in the DMZ and obviously the internet is on the outside.

To fix this I was originally finding out what address was assigned to the node, excluding it from the scope, and having the node pull a new address. This worked, but I do not want to have to keep doing this. I then began thinking that this was an ARP problem, and I have twice so far gone in and done a "clear arp" on the ASA when I have users with this problem, and this fixes the problem too...

Any ideas on this one?

Reply to
Steven B

When you are experiencing the problem, before clearing the ARP cache on the ASA, check to see the ARP entry for the client machine (the one with the problem) matches the actual MAC. If it matches, check the ARP entry for the next-hop router. If that matches as well, you are not looking at an ARP poisoning problem. If they do not match, track down the offending MAC on the switched network.

Also, do all of your VLANs use the ASA as a default gateway, or do you have a router there? It would help to know the topology of the network in question.

Thanks JC

Reply to
J.Cottingim
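As an added example (not from any poster in this thread), here is a small Python check that automates what JC describes: parse the ASA's `show arp` output, compare each entry against the MAC you expect for that IP (for instance exported from the DHCP lease table), and flag mismatches as well as any MAC that is answering for more than one address on the same interface. The sample `show arp` text and the expected-MAC table are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample of ASA "show arp" output (interface, IP, MAC, age).
# All addresses and MACs here are made up.
SAMPLE_SHOW_ARP = """\
        inside 10.10.1.1 0019.e8e1.0001 3600
        inside 10.10.1.57 0011.2233.4455 120
        inside 10.10.1.58 0011.2233.4455 95
        dmz 10.20.0.10 0050.56aa.bb01 4100
"""

# Constructed ground truth: IP -> MAC, e.g. taken from the DHCP lease table.
EXPECTED = {
    "10.10.1.1": "00:19:e8:e1:00:01",   # next-hop router (the 4006 SVI)
    "10.10.1.57": "00:11:22:33:44:55",
    "10.10.1.58": "00:aa:bb:cc:dd:ee",
    "10.20.0.10": "00:50:56:aa:bb:01",
}

ARP_LINE = re.compile(
    r"^\s*(\S+)\s+(\d+\.\d+\.\d+\.\d+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})", re.I)

def normalize_mac(cisco_mac):
    """Turn Cisco dotted form 0011.2233.4455 into 00:11:22:33:44:55."""
    digits = cisco_mac.replace(".", "").lower()
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_show_arp(text):
    """Return a list of (interface, ip, mac) tuples from 'show arp' output."""
    entries = []
    for line in text.splitlines():
        m = ARP_LINE.match(line)
        if m:
            entries.append((m.group(1), m.group(2), normalize_mac(m.group(3))))
    return entries

def find_arp_anomalies(entries, expected):
    """Return (mismatches, shared): entries whose MAC differs from the expected
    one, and MACs that answer for more than one IP on the same interface."""
    mismatches = []
    by_mac = defaultdict(set)
    for iface, ip, mac in entries:
        if ip in expected and expected[ip] != mac:
            mismatches.append((iface, ip, expected[ip], mac))
        by_mac[(iface, mac)].add(ip)
    shared = {k: sorted(v) for k, v in by_mac.items() if len(v) > 1}
    return mismatches, shared

if __name__ == "__main__":
    bad, dup = find_arp_anomalies(parse_show_arp(SAMPLE_SHOW_ARP), EXPECTED)
    for iface, ip, want, got in bad:
        print(f"MISMATCH {iface} {ip}: expected {want}, ASA has {got}")
    for (iface, mac), ips in dup.items():
        print(f"SHARED   {iface} {mac} answers for {', '.join(ips)}")
```

A mismatch on the client's own entry or on the next-hop router's entry is the case JC says to chase down on the switches; a clean result points away from ARP and toward the DHCP or routing questions raised later in the thread.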

No, none of the VLANs use the ASA as the default gateway. They all use a 4006 which has different IP addresses assigned to the different VLANs. I will take a look at the ARP entries the next time this happens (most likely tomorrow) and see what is up...

Reply to
Steven B

On the non-working clients, do the acquired DHCP details match the details from the scope on the DHCP server? Especially the subnet mask?

Just wondering if you have a second DHCP service somewhere handing out its own DHCP scopes.

Reply to
Arthur Brain

No, the only DHCP server is the one trunked into all of the VLANs. When I do an ipconfig /release and ipconfig /renew it pulls the same address (which is not unusual) with all the correct information. If I exclude the address from the scope and have the machine pull a new one, it does, and this generally fixes the problem...

Reply to
Steven B