I hope this is in the correct category - It involves our LAN and Routing/Troubleshooting.
I have 15+ years computer, server and network support experience...but am by no means an expert. I've held my CCNA since 2001, but until the past 6 months, have never supported Cisco products on a full time basis as in my current position.
We have a network comprised of over 100 Cisco switches and routers, mostly utilizing 3750 model switches with approx. 1500 end-user systems in the field. We operate in a WAN environment, spread across approx. 20 miles. We utilize OSPF for routing.
Herein, I am referring to firewall responsibilities of our network.
Recent Firewall logs/reports have shown constant IP Spoofing events from our Firewall occurring on our Internal/LAN interface.
To the best of my ability, I believe some Wireless or other NICs on our network are improperly receiving Microsoft APIPA IP addresses (ie. 169.254.X.X) and as a result, are unable to route within our network - instead directed to our firewall and in turn, creating these unwanted events (hundreds upon hundreds per day).
I am seeking suggestions/guidance on how I can troubleshoot, isolate and ultimately resolve these instances - if possible. How can I trace/back trace the originating source host of these incorrect IPs and their traffic?
And yes, I do have time to be proactive unlike past positions...so time is not too much a concern. However, methodology and isolation approach to resolving this problem is what I need assistance in.
Does anyone here happen to have experience in this or would anyone be able to provide some insight on how I can begin/proceed to troubleshoot this issue, with full access to all Cisco devices, even if it involves Port Mirroring and Packet Sniffing.
Any and all suggestions would be appreciated!.
I wish to thank you in advance for your assistance, as well as attention to my inquiry within!!!!