ARP broadcast

biggizod · ‎03-20-2023

Hi, here is topology :

switches-----[A_switchl3]svi90-----[B_switchl3]vlan90---endpoints at specific time we see a lot of arp broadcast requests from svi90 mac address for hosts in that vlan 90 which drops our endpoints work.

I assume that arp was sent from other subnet to svi 90 and that interface vlan90 trying to find destination mac addresses .

wireshark from switch B shows source of arp request is int vlan90 on switch A ... How to trace it from switch A or upper level switches who is sending arp originally ?

thank you

MHM Cisco World · ‎03-20-2023

even if SW's beyond SW-A ask arp the Sw-A must keep mac of endpoint for arp age timeout, and hence any request from SW's beyond SW-A the SVI will reply with it MAC and never ask Mac address of endpoint.
but this can broken if
arp aging is short
the endpoint is config with wrong IP, you config the endpoint with network IP and SVI send arp and the arp always hit this endpoint.

so far we need more info. about this case

biggizod · ‎03-20-2023

arp requests are requesting not assigned IPs , for example i have only 20 ip from /24 assigned 172.16.10.90 till 172.16.10.110 to devices, so arp requests are coming to ip 172.16.10.1 , 10.2 , 10.3 which are not assigned yet. Also i dont know if this somehow affects but switch_A is Catalyst C9500 and in HSRP active one . Is it possible to run monitor session source interface vlan90 on switch_A to capture who is sending that arp request originally? Or maybe another ways ?

MHM Cisco World · ‎03-20-2023

arp requests are requesting not assigned IPs

the DHCP can use ARP to detect conflict before assign to hosts.
so I suggest start check DHCP.