Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Webcast-Catalyst9k
New Member

Incomplete ARP

Hi,

I have connected my router to a switch and I have connected some PC in the same LAN. But when I issue show ip arp commands I am getting the incomplete arps, I have not such type of IP address in any of the computer. But I am getting those IP with incomplete ARP. What would be the problem ?

Router

int fa0/1

connected to branch 1

ip address 100.100.100.1 255.255.255.0

int fa0/0

connected to branch 2

ip address 100.100.108.1 255.255.255.0

Router#sh ip arp | in Inc

Internet 100.100.100.39             0   Incomplete     ARPA

Internet 100.100.100.40             0   Incomplete     ARPA

Internet 100.100.100.51             0   Incomplete     ARPA

Internet 100.100.100.52             0   Incomplete     ARPA

Internet 100.100.108.188           0   Incomplete     ARPA

Internet 100.100.108.189           0   Incomplete     ARPA

Internet 100.100.108.194           0   Incomplete     ARPA

Internet 100.100.108.195           0   Incomplete     ARPA

Internet 100.100.108.196           0   Incomplete     ARPA

Internet 100.100.108.197           0   Incomplete     ARPA

Internet 100.100.108.198           0   Incomplete     ARPA

Internet 100.100.108.199           0   Incomplete     ARPA

Waiting for response,

Mero

1 ACCEPTED SOLUTION

Accepted Solutions
Cisco Employee

Incomplete ARP

well, it is not a problem but just and indication that some host is trying to send trying to all those IP's which don't exist. You see them as your router received traffic with those IP in the destination field and triggered a ARP request for them in order to learn the L2 info (mac). Since those IP's don't exist you get incomplete entries.

There might be a legitimate application trying to connect to all host in those given subnets, or some malicious user trying to scan those subnets looking for something...

If you are worried and you wanto to know more try to deploy some strategies to see where those requests are coming from... i'e enable netflow on the WAN interface, or ip accounting, the IOS embedded packet capture or some smart ACL which logs traffic sent to those address. The actual strategy and tool to be used depends on the platform you use and the features available on the given patform/sw combination you have.

Riccardo

4 REPLIES

Incomplete ARP

hi mero,

this could mean your router is not receiving any ARP reply to those devices on your LAN. try to check your cabling and post your router and switch config.

New Member

Incomplete ARP

Dear Johnlloyd,

I have no any computer or device with such ip's then how the ip is coming ?

Mero

Re: Incomplete ARP

Hi Mero,

Could you perform a clear arp and see if the same is still observed? Have you checked your Layer 1 connectivity?

Sent from Cisco Technical Support iPhone App

Cisco Employee

Incomplete ARP

well, it is not a problem but just and indication that some host is trying to send trying to all those IP's which don't exist. You see them as your router received traffic with those IP in the destination field and triggered a ARP request for them in order to learn the L2 info (mac). Since those IP's don't exist you get incomplete entries.

There might be a legitimate application trying to connect to all host in those given subnets, or some malicious user trying to scan those subnets looking for something...

If you are worried and you wanto to know more try to deploy some strategies to see where those requests are coming from... i'e enable netflow on the WAN interface, or ip accounting, the IOS embedded packet capture or some smart ACL which logs traffic sent to those address. The actual strategy and tool to be used depends on the platform you use and the features available on the given patform/sw combination you have.

Riccardo

20878
Views
0
Helpful
4
Replies
CreatePlease to create content