Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
649
Views
0
Helpful
1
Replies

Core L2/L3 switch ARPing DoS

Colin Craig
Level 1
Level 1

‎03-01-2011 04:54 PM - edited ‎03-06-2019 03:50 PM

I run 3x 3750s stacked as my L2/L3 core switch, it routes all my vlans.

Two weeks ago it started broadacting ARP requests for the entire 10.1.x.x/16 subnet. We tried everything to troubleshoot it.

- we unpluged all other switches

- we broke the stake and tried every individual 3750 on its own

- IOS upgrade

- Once the ARPing starts you can unplug every port from the switch and it will continue to it until we cycle power.

The funny thing was when we plugged in a 3550 L2/L3 and moved the routing over to it, It then began ARPing the whole subnet. Our current work around was to limit the range by moving to a 255.255.240.0 mask. It is still doing it but not being overwhelmed. I'm hoping for a bit of insight on what can cause a switch to do this and how to narrow it down because I'm completely lost now.

Labels:
0 Helpful
1 Reply 1

IAN WHITMORE
Level 4
Level 4

‎03-02-2011 01:24 AM

Sounds to me like someone on your network has a virus...that's what first comes to mind. It could of course be a bug but on the 3750 AND the 3550? (possible). Post the versions of the IOS so we can have a look.

Finally it could be config? Bad mask somewhere? You've probably check ed the config 100 times already so unlikely.

Regards,

Ian

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card