Who is the sender of the ARP requests? I assume it is the router to which the network is connected.
From watching the ARPs coming to your network using a packet sniffer, can you say if they appear as if somebody was trying to connect to each IP address in turn?
I am seeing this phenomenon quite often on publicly accessible networks. Apparently some infected computers out there are trying to check which IPs are alive. They do it by sending some packets to those IPs. The router to which the destination network is connected has to send an ARP request for each particular destination IP but if that IP is not alive, the request will go unanswered.
If this is the case then there is no simple solution. The problem is caused by external machines trying to contact your internal devices. Thus, cautiously filtering the traffic using ACLs and/or other filtering mechanisms would help a lot.
I am perhaps mistaken here but I do not see how "misaligned" MAC aging and ARP requests go together. ARP requests are generated by end hosts regardlessly of when and how switches age their MAC tables and switches can't do anything about it. Correct me please if I'm wrong...
If your ARP cache timer and MAC aging are not properly aligned, your router will ARP for addresses that don't have a MAC address associated for them. You'll see a lot of ARPs in this case for addresses that simply do not exist.
We see this a lot in our network when computers fall off the network. The Supervisors in our Cat6500s ARP like crazy because their default timer is 4 hours, but the MAC table timer is only 5 minutes. When I stick a sniffer on our network here, I get large amounts of ARPs for addresses that simply don't exist.
Another factor that can generate excessive ARP requests is to have a static route point to an Ethernet interface rather than to the next hop address. This is especially the case when the static route is a static default route.
Is it possible that the original poster had a static route pointed to an Ethernet interface?
Hi everyone, I would like to thank you in advance for any help you can provide a newcomer like myself!
Im studying the 100-105 book by Odom and am currently on the topic of Port security. I purchased a used 2960 and I'm trying to follow a...
While deploying a number of 18xx/2802/3802 model access points (APs), which run AP-COS as their operating platform. It can be observed on some occasions that while many of their access points were able to join the fabric WLC withou...
I am going to design and build an LAN network under a tunnel underground with long distance between the switches.
I will have 2 Catalyst switches and 8 Industrial IE3000, and they will be connected with fiber.
For now I am planning on use Layer-2 s...