Internet router ARP output error

I have a c3640 Internet router, recently upgraded to IOS 12.0.26, showing the following output from the SHOW ARP command even though I did "clear ARP" just a minute ago:

Internet_II#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  63.161.138.20           0   Incomplete      ARPA
Internet  216.207.28.11           0   Incomplete      ARPA
Internet  63.161.138.21           0   Incomplete      ARPA
Internet  216.207.28.10           0   Incomplete      ARPA
Internet  63.161.138.22           0   Incomplete      ARPA
Internet  216.207.28.9            0   Incomplete      ARPA
Internet  63.161.138.23           0   Incomplete      ARPA
Internet  216.207.28.8            0   Incomplete      ARPA
Internet  63.161.138.16           0   Incomplete      ARPA
Internet  216.207.28.15           0   Incomplete      ARPA
Internet  63.161.138.17           0   Incomplete      ARPA
Internet  216.207.28.14           0   Incomplete      ARPA
Internet  63.161.138.18           0   Incomplete      ARPA
Internet  216.207.28.13           0   Incomplete      ARPA
Internet  63.161.138.19           0   Incomplete      ARPA
Internet  216.207.28.12           0   Incomplete      ARPA
Internet  63.161.138.28           0   Incomplete      ARPA
Internet  216.207.28.3            0   Incomplete      ARPA
Internet  63.161.138.29           0   Incomplete      ARPA
Internet  216.207.28.2            0   Incomplete      ARPA
Internet  63.161.138.30           0   Incomplete      ARPA
Internet  216.207.28.1            -   00d0.bad2.bd01  ARPA   Ethernet0/0
Internet  63.161.138.31           0   Incomplete      ARPA

Any ideas?


Re: Internet router ARP output error

Looks like you have the default route pointed to the interface instead of the next hop address. That makes the router ARP for every destination. Not good because your ARP table can get very large. Also looks like the next hop router is not answering the ARPs, at least for these addresses. Since they are sequential, it looks like someone in your network is scanning these networks and the default flow in your network is making the packets flow up to your Internet connection. They may not exist and that's why they are incomplete.

Do you see any valid ARP entries, all with your Internet router's MAC address? Change the default next hop to an address.

Your firewall log will show the culprit doing the scan.

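The check the reply describes, as an added example that is not part of the original thread: a Python sketch that parses `sh arp` output, counts the Incomplete entries and collapses them into runs of consecutive addresses, the pattern the reply reads as a scan. The sample is a subset of the rows from the post; the function names and the `min_len` threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Subset of the `sh arp` rows quoted in the post above, embedded to run offline.
SAMPLE = """\
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  63.161.138.20           0   Incomplete      ARPA
Internet  63.161.138.21           0   Incomplete      ARPA
Internet  63.161.138.22           0   Incomplete      ARPA
Internet  63.161.138.23           0   Incomplete      ARPA
Internet  216.207.28.9            0   Incomplete      ARPA
Internet  216.207.28.8            0   Incomplete      ARPA
Internet  216.207.28.3            0   Incomplete      ARPA
Internet  216.207.28.2            0   Incomplete      ARPA
Internet  216.207.28.1            -   00d0.bad2.bd01  ARPA   Ethernet0/0
"""

ROW = re.compile(r"^Internet\s+(\d+(?:\.\d+){3})\s+\S+\s+(\S+)\s+ARPA(?:\s+\S+)?$")

def incomplete_addresses(text):
    """Sorted, de-duplicated addresses whose hardware address is 'Incomplete'."""
    found = set()
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m and m.group(2) == "Incomplete":
            found.add(ipaddress.IPv4Address(m.group(1)))
    return sorted(found)

def contiguous_runs(addrs, min_len=2):
    """Collapse sorted addresses into (first, last, count) runs of consecutive IPs."""
    runs = []
    for a in addrs:
        if runs and int(a) == int(runs[-1][1]) + 1:
            runs[-1][1] = a          # extend the current run
        else:
            runs.append([a, a])      # start a new run
    sized = [(str(s), str(e), int(e) - int(s) + 1) for s, e in runs]
    return [r for r in sized if r[2] >= min_len]

def summarize(text, min_len=2):
    """Count unresolved entries and list the sequential ranges among them."""
    addrs = incomplete_addresses(text)
    return {"incomplete": len(addrs), "runs": contiguous_runs(addrs, min_len)}

if __name__ == "__main__":
    report = summarize(SAMPLE)
    print(f"{report['incomplete']} incomplete ARP entries")
    for first, last, n in report["runs"]:
        print(f"  {first} - {last}: {n} consecutive addresses")
```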