cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
626
Views
2
Helpful
17
Replies

arp -a

IrfanKhan4904
Level 1
Level 1

Our gateway mac address is different when we give arp -a in cmd the mac address is another show when we trace it shows a student mac what could be the problem?

17 Replies 17

Torbjørn
Spotlight
Spotlight

Could a student have assigned its own machine the gateway IP address?

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

Sure this is l2 attack' the hack PC send GARP to all other host it mac and GW IP.

This make traffic forward to hack PC before reforward again.

So hack PC be man in middle see all traffic from host to GW.

349641.jpg

 you need DAI for this attack.

MHM

Our Gateway original Mac Address is 6cb2.ae41.23d6.
But arp -a showing a04f.85fa.a543.So what is solution ?

The simplest immediate solution is to disconnect that client machine. Afterwards you should consider to implement dhcp snooping and dynamic arp inspection

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

how i can implement dhcp snooping and dynamic arp inspection?

You first need to configure DHCP snooping with "ip dhcp snooping" and under your uplink interfaces "ip dhcp snooping trust". Are you using IP helpers/dhcp relay in your environment?

Once DHCP snooping is working you can enable ip arp inspection using "ip arp inspection". Note that you will need to create static entries for any hosts with statically assigned ip addresses.

You can read more about DHCP snooping and DAI here:

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9200/software/release/17-9/configuration_guide/ip/b_179_ip_9200_cg/configuring_dhcp.html

https://www.cisco.com/c/en/us/td/docs/switches/lan/catalyst9500/software/release/17-3/configuration_guide/sec/b_173_sec_9500_cg/configuring_dynamic_arp_inspection.html

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

interface Vlan20
description **** SVI FOR STUDENTS VLAN ****
ip address 172.16.0.3 255.255.0.0
ip helper-address 10.0.0.110

You will need to configure "ip dhcp snooping information option allow-untrusted" on distribution switches.

Happy to help! Please mark as helpful/solution if applicable.
Get in touch: https://torbjorn.dev

The following VLAN configurations on our core switch are VLAN 1, VLAN 10, and VLAN 20. Three servers and two access points are connected to the core switch, and their VLAN is 1. Three servers are connected to the switch, and their VLAN is 10. DHCP Server connected with Core switch Port no 1.So port no 1 have to be set as snooping trust, while the other ports will remain unchanged? And will this configuration need to be replicated on the rest of the distribution switches, or will it remain the same?

one Core switch and 35 distribution switches are using in network.Can you help me determine which commands I should use on core switch and which commands I should use on distribution switches?

As @Torbjørn mention' disconnect this PC and prevent this in feature as I mention use DAI.

MHM

can i configure DAI in Cisco network switches?

Yes sure you can' 

And if you dont use dhcp you can use static DAI.

MHM

One more question is
The following VLAN configurations on our core switch are VLAN 1, VLAN 10, and VLAN 20. Three servers and two access points are connected to the core switch, and their VLAN is 1. Three servers are connected to the switch, and their VLAN is 10. DHCP Server connected with Core switch Port no 1.So port no 1 have to be set as snooping trust, while the other ports will remain unchanged? And will this configuration need to be replicated on the rest of the distribution switches, or will it remain the same?

Review Cisco Networking for a $25 gift card