Router ARP Requests to an offline host...

Unanswered Question
Nov 20th, 2009

How can I find out why my default gateway router (Cisco 857) keeps sending out ARP requests for the MAC address of a host that is offline?

When I sniff packets on the internal LAN, I continue to see these broadcast ARP requests coming from this router, asking for the MAC address of whoever it is that has this particular IP address. It never gets a response back, because there is no such host that is active on our LAN. Yet the ARP requests continue...

Any guideance would be greatly appreciated. Thanks!

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Jon Marshall Fri, 11/20/2009 - 11:00


Check the config to see if there are references to the IP address that the router is arping out for


p3t3rt0sh Fri, 11/20/2009 - 11:07

There is nothing in the running-config that is referencing the particular IP address...

p3t3rt0sh Fri, 11/20/2009 - 13:08

I have no recollection of what this host was. It's IP address does not fall under our DHCP scope, so it was staticlly configured, whatever it was.

I'm thinking of configuring a client with this IP address and sniffing the packets to see if I can figure out what kind of traffic the router wants to pass to it.

Richard Burts Sat, 11/21/2009 - 03:44

The symptoms that you describe of the router ARPing for this address repeatedly suggest that something is sending packets to this router for that destination address. There are a couple of ways that you could investigate what this is:

- your suggestion of putting that address on a client and sniffing would work.

- if you have netflow configured on the router you might find the source address and protocol ports in the netflow data.

- you could configure an access list on the router interface with a permit statement for that destination address and the log parameter so that the router will create log messages for the packets which would have identifying information.




This Discussion