cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
780
Views
0
Helpful
5
Replies

Wierd ARP or WIndows 2003 issue

jkrawczyk
Level 1
Level 1

Hi;

I've moved a WIndows 2003 server from a dumb cisco switch to my 6509 Catalyst. Since doing this, I'm experiencing a wierd issue in that:

HostA= Windows XP client 198.177.133.61/24

HostB= Windows 2003 Server 198.177.133.12/24

Ping from HostA to HostB (Fail)

Ping from HostB to HostA (Success)

Ping from HostA to HostB (Success)

When the arp table on HostA expires, or I arp -d 198.177.133.12 I can no longer ping HostB from HostA.

Both of my SupII's are fitted with MSFC2 router cards. I am using HSRP. My standby address is 198.177.133.45.

Here, lookie:

interface Vlan10

description Legacy LAN

ip address 198.177.133.27 255.255.255.0

ip helper-address 172.30.192.82

ip helper-address 172.20.0.111

no ip redirects

standby 10 ip 198.177.133.45

standby 10 priority 195

standby 10 preempt

end

How come the arp process isn't sending Windows XP the mac address? Windows firewall is disable.

Is this a WIndows or MSFC router issue?

Regards

JSK

5 Replies 5

Roberto Salazar
Level 8
Level 8

Ping from HostA= Windows XP client 198.177.133.61/24 to

HostB= Windows 2003 Server 198.177.133.12/24 does not even go to L3 or MSFC since they are in the same subnet. The ping from either hosts are sent directly to that host since they are in the same subnet. Question is why does the hostB does not respond to host A's ARP? Is the cam table of the 6509 populated for both devices? Are they both connected to the same 6509?

Hi;

Yes these are on the same switch 9/18 and 9/22. I'm running span so that I can monitor traffic from 9/1 and dump to 9/18. 9/1 is in vlan1 and 9/18 is on vlan10. maybe this has something to do with this issue. Do you think this is true?

Regards JSK

Destination : Port 9/18

Admin Source : Port 9/1

Oper Source : Port 9/1

Direction : transmit/receive

Incoming Packets: enabled

Learning : enabled

Multicast : enabled

Filter : -

Status : active

Check the ARP entries on all the devices involved resolve to the same MAC addresses. It may be a proxy-arp issue - check that the 2 Windows 2003 servers have the correct ARP entroes for each other.

I have seen odd things like this where the router proxy-arps due to a more specific route so the ARP cache on the client contains the router MAC for what would be a local device.

HTH

Andy

Hi,

I dont think you would be able to ping anything that is connected to 9/18 as it is the destination span. it would be in monitoring state. Correct me if i am wrong. Thanks

Regards,

Rathish

Hi Rathish,

Because I utilise the 'inpkts enable', I can ping.

However, I found the cause of this.

This Windows 2003 server is in VLAN10, and my router interface that I am monitoring is in VLAN1. If I shut down the span session, this server becomes vivible.

To correct this, I have changed the default route on my core 6509 switch routers (msfc2) to point to the router interface in vlan10 and then I changed the span session to monitor egress traffic at that vlan10 router infterface.

Kind Regards

Jeff

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Innovations in Cisco Full Stack Observability - A new webinar from Cisco