Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

RV082 ARP Issue booting clients off Internet?

I am having the strangest issue on my network and am hoping anyone could offer insight as to why it is happening? 

I have a network of 50+ users with half running XP and half running Windows 7.  Soon we will be upgrading all users to Windows 7.  During the past month a number of the Windows 7 users have reported intermittent Internet connectivity.  I would go to their computer and see that they are getting all the correct IP information from the DHCP server and reboot their network adapter.  Usually one reset of the adapter would do, but sometimes had to reset it twice or three times before connectivity would occur. 

After a few weeks of this more users would report consistent intermittent connectivity.  Just to the Internet, as they were able to reach their folders on our file server and were able to receive e-mails from our e-mail server.  I decided to monitor the network traffic on one of the adapters having the issue using Wireshark, and found an ARP request and reply for the gateway IP.  I logged into the router and found that the reply given to the Windows 7 machine was incorrect, as the MAC address given to the Windows 7 machine was the WAN1 port of the RV082.  The LAN port on the router is 192.168.0.1 and has a MAC of xx-xx-xx-xx-xx-x0.  The WAN1 port on the router has a public IP and has a MAC of xx-xx-xx-xx-xx-x1.  I checked the arp cache on the Windows 7 computers and confirmed that when they have no internet connectivity the ARP cache reads like this:

192.168.0.1   xx-xx-xx-xx-xx-x1  dynamic

The machine is able to ping every machine on the internal network except for the gateway IP.  Also, after updating the cache to map the gateway IP with the LAN port MAC address, using:

netsh interface ipv4 add neighbors "connection name" 192.168.0.1 xx-xx-xx-xx-xx-x0

the issue was resolved for that Windows 7 machine.  However, the issue is ongoing for every Windows 7/Vista machine added to the network.  I do not want to update the ARP cache on every Vista/7 machine introduced to the network. 

Is there anything that can be causing this issue?  We are running firmware  2.0.2.01-tm which was updated from 2.0.0.19-tm just 2 weeks ago.              

Everyone's tags (5)
3 REPLIES

RV082 ARP Issue booting clients off Internet?

You might want to backup your router's config file, and contact the Support Center to provide the config file for analysis.

One thing you could consider trying is to reset the router to factory default, reconfig the router from scratch. and see if that clears up the issue.

New Member

RV082 ARP Issue booting clients off Internet?

Well, it's definitely not a router hardware issue as we received a new router RV082, and I reconfigured it from scratch.  After switching back the Windows 7 computers' ARP cache it started reverting the gateway IP to the WAN port MAC of the new router.  Frustrating.

Possibly a Windows 7 issue as it only appears to rear its head on these machines?

New Member

RV082 ARP Issue booting clients off Internet?

OK well,

downloaded  XArp to see what's going on and the logs detail that it is indeed  happening to XP machines, however, the correct port is immediately  sending out the correct ARP reply after the WAN port's incorrect reply:

19/07/2012  - 14:03:25 - arp - ChangeFilter: MAC address for IP 192.168.0.1 changed  from f0-f7-55-4e-e3-d0 to f0-f7-55-4e-e3-d1 - 0x2 - f0-f7-55-4e-e3-d1 -  00-25-11-1f-8a-7c - reply - f0-f7-55-4e-e3-d1 - 00-25-11-1f-8a-7c -  192.168.0.1 - 192.168.0.109 - in

19/07/2012 - 14:03:25 - arp -  ChangeFilter: MAC address for IP 192.168.0.1 changed from  f0-f7-55-4e-e3-d1 to f0-f7-55-4e-e3-d0 - 0x2 - f0-f7-55-4e-e3-d0 -  00-25-11-1f-8a-7c - reply - f0-f7-55-4e-e3-d0 - 00-25-11-1f-8a-7c -  192.168.0.1 - 192.168.0.109 - in

So  XArp is saying that the source mac for this change is the WAN port of  my new router?  If this was an ARP attack what would be the benefit of  creating a script to change everyone's ARP cache to point the gateway IP  to the WAN port of the RV082??  Just as a denial of service?  How would  I go about flushing this offensive script out? 

Is there a way to tell the WAN port of the RV082 to stop responding to such an internal ARP request?

677
Views
0
Helpful
3
Replies
CreatePlease login to create content