https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696894#M1093851 <P>That could be due to a static route that is pointing to the exit interface rather than to the next hop which is not really recommended at all.</P> Fri, 30 Sep 2022 16:59:32 GMT Aref Alsouqi 2022-09-30T16:59:32Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696835#M1093845 <P>Hi everyone<span class="lia-inline-image-display-wrapper lia-image-align-right" image-alt="Untitled.png" style="width: 563px;"><img src="https://community.cisco.com/t5/image/serverpage/image-id/163830i5EBEF3349EC6F1E1/image-dimensions/563x419?v=v2" width="563" height="419" role="button" title="Untitled.png" alt="Untitled.png" /></span>, have a nice day</P><P>I have a big network with multiple cisco routers, switches(IOSXE, IOSXR), and NX, I found in the ARP table multiple IP addresses with the same mac address, I try to track the mac address but the port for this mac return me the previous router&nbsp;</P><P>please any help or explain this issue</P> Fri, 30 Sep 2022 15:19:11 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696835#M1093845 ahmed ferhan 2022-09-30T15:19:11Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696864#M1093847 <P>are there any static route toward this router&nbsp;</P> Fri, 30 Sep 2022 16:14:39 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696864#M1093847 MHM Cisco World 2022-09-30T16:14:39Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696894#M1093851 <P>That could be due to a static route that is pointing to the exit interface rather than to the next hop which is not really recommended at all.</P> Fri, 30 Sep 2022 16:59:32 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696894#M1093851 Aref Alsouqi 2022-09-30T16:59:32Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696964#M1093860 <P>of course, there is ..</P> Fri, 30 Sep 2022 19:57:08 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696964#M1093860 ahmed ferhan 2022-09-30T19:57:08Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696965#M1093861 <P>the default route already exist into the switch because i need the end user to reach the internet</P> Fri, 30 Sep 2022 19:59:38 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696965#M1093861 ahmed ferhan 2022-09-30T19:59:38Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696966#M1093862 <P>so config the static route as following&nbsp;<BR />ip route x.x.x.x y.y.y.y &lt;egress interface&gt; &lt;next-hop&gt;<BR />this will stop ARP issue.&nbsp;<BR />for more info. check link below<BR /><A href="https://www.cisco.com/c/en/us/support/docs/dial-access/floating-static-route/118263-technote-nexthop-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/dial-access/floating-static-route/118263-technote-nexthop-00.html</A></P> Fri, 30 Sep 2022 20:01:20 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696966#M1093862 MHM Cisco World 2022-09-30T20:01:20Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696970#M1093864 <P>i config this route as ( ip route 0.0.0.0 0.0.0.0 + (ip which is the gateway))</P> Fri, 30 Sep 2022 20:14:42 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4696970#M1093864 ahmed ferhan 2022-09-30T20:14:42Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4697069#M1093872 <P>that great you already specify the the next-hop so no issue at all but for many arp let me make deep dive,&nbsp;<BR />I will update you soon&nbsp;</P> Sat, 01 Oct 2022 13:45:43 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4697069#M1093872 MHM Cisco World 2022-10-01T13:45:43Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4697238#M1093884 <P>I'll be appreciated you</P> Sun, 02 Oct 2022 14:43:41 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4697238#M1093884 ahmed ferhan 2022-10-02T14:43:41Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4703547#M1094261 <P>hi friend&nbsp;<BR />I dont forget you but I was looking for case that ARP is use for each IP in subnet&nbsp;<BR />1- static route toward interface (this we discus before you confirm that you use next-hop not interface)<BR />2- PBR with set interface&nbsp;<BR /><BR />so for second case can you confirm that you use PBR?</P> Fri, 14 Oct 2022 19:16:26 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4703547#M1094261 MHM Cisco World 2022-10-14T19:16:26Z https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4703640#M1094267 <P>Hi MHM, thank you for your support, I am so appreciated your followed<BR />into( Router and SW)&nbsp; I am setting two access list controls only without route-map&nbsp;<BR />the first access list is used for management access and this set on ssh protocol&nbsp; and the second access list is used for port security ( traffic or services )that allowed to pass through the router and this set to the management interface&nbsp;</P> Sat, 15 Oct 2022 07:17:11 GMT https://community.cisco.com/t5/network-security/arp-spoofing/m-p/4703640#M1094267 ahmed ferhan 2022-10-15T07:17:11Z