Wierd ARP or WIndows 2003 issue

Unanswered Question
Feb 22nd, 2006
User Badges:

Hi;


I've moved a WIndows 2003 server from a dumb cisco switch to my 6509 Catalyst. Since doing this, I'm experiencing a wierd issue in that:


HostA= Windows XP client 198.177.133.61/24

HostB= Windows 2003 Server 198.177.133.12/24


Ping from HostA to HostB (Fail)

Ping from HostB to HostA (Success)

Ping from HostA to HostB (Success)


When the arp table on HostA expires, or I arp -d 198.177.133.12 I can no longer ping HostB from HostA.


Both of my SupII's are fitted with MSFC2 router cards. I am using HSRP. My standby address is 198.177.133.45.


Here, lookie:

interface Vlan10

description Legacy LAN

ip address 198.177.133.27 255.255.255.0

ip helper-address 172.30.192.82

ip helper-address 172.20.0.111

no ip redirects

standby 10 ip 198.177.133.45

standby 10 priority 195

standby 10 preempt

end


How come the arp process isn't sending Windows XP the mac address? Windows firewall is disable.


Is this a WIndows or MSFC router issue?


Regards

JSK

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Roberto Salazar Wed, 02/22/2006 - 13:02
User Badges:
  • Gold, 750 points or more

Ping from HostA= Windows XP client 198.177.133.61/24 to

HostB= Windows 2003 Server 198.177.133.12/24 does not even go to L3 or MSFC since they are in the same subnet. The ping from either hosts are sent directly to that host since they are in the same subnet. Question is why does the hostB does not respond to host A's ARP? Is the cam table of the 6509 populated for both devices? Are they both connected to the same 6509?

jkrawczyk Wed, 02/22/2006 - 13:21
User Badges:

Hi;


Yes these are on the same switch 9/18 and 9/22. I'm running span so that I can monitor traffic from 9/1 and dump to 9/18. 9/1 is in vlan1 and 9/18 is on vlan10. maybe this has something to do with this issue. Do you think this is true?

Regards JSK


Destination : Port 9/18

Admin Source : Port 9/1

Oper Source : Port 9/1

Direction : transmit/receive

Incoming Packets: enabled

Learning : enabled

Multicast : enabled

Filter : -

Status : active


andrew.butterworth Thu, 02/23/2006 - 01:55
User Badges:
  • Gold, 750 points or more

Check the ARP entries on all the devices involved resolve to the same MAC addresses. It may be a proxy-arp issue - check that the 2 Windows 2003 servers have the correct ARP entroes for each other.

I have seen odd things like this where the router proxy-arps due to a more specific route so the ARP cache on the client contains the router MAC for what would be a local device.


HTH


Andy

rathish_ram Tue, 02/28/2006 - 21:34
User Badges:

Hi,

I dont think you would be able to ping anything that is connected to 9/18 as it is the destination span. it would be in monitoring state. Correct me if i am wrong. Thanks


Regards,

Rathish

jkrawczyk Wed, 03/01/2006 - 05:26
User Badges:

Hi Rathish,


Because I utilise the 'inpkts enable', I can ping.


However, I found the cause of this.


This Windows 2003 server is in VLAN10, and my router interface that I am monitoring is in VLAN1. If I shut down the span session, this server becomes vivible.


To correct this, I have changed the default route on my core 6509 switch routers (msfc2) to point to the router interface in vlan10 and then I changed the span session to monitor egress traffic at that vlan10 router infterface.


Kind Regards

Jeff

Actions

This Discussion