VPN concentrator cause arp-reply storm

justinvo · ‎06-15-2003

Hi,

My network is experiencing a occasional arp-reply storm for about 15 mins then stop. A sniffer see that there are a lot of arp-reply from the router. Not sure if this is a router or VPN Concentrator problem.

Router:c3660-i-mz.122-16a

VPN: vpn3000-3.6.7.F-k9 (VPN 3015)

Steel-Belted Radius ver 2.20.49

Basically this start to happen when I start to configure my VPN external interface to use the Radius assigned IP address instead via DHCP. Due to a current restriction, I have to configure the router to have a secondary interface to accommodate for this new IP segment. This will allow me to manually assigned which user to have which IP.

This problem does not happen all the time but at least twice a week which last on average about 15 minutes. During this time, my router still forwarding traffic but accessing the router and the switch is not possible. The arp-reply basicly telling the Concentrator that an IP address is via the external interface of the Concentrator.

Anyone know why ?

Kind regards,

Justin

m.singer · ‎06-26-2003

To what address is the ARP message being sent for??

justinvo · ‎07-10-2003

This is the captured message:

16:09:16.418533 arp who-has 192.168.15.156 tell 192.168.8.5

The IP 192.168.15.156 is an IP address that allocated by the radius server.

The IP 192.168.8.5 is the public interface of the VPN concentrator

The sniffer is placed to sniffer the interface of the router which has an IP of 192.168.8.1

thanks

Justin