I am facing an ARP broadcast issue in my network which causes huge packet drops at endpoints. The only way I have to avoid it is to protect my endpoints with antivirus with network protection enabled. I have observed it is only occurring in a single VLAN. The ARP source is not a single device; it is originating from various devices in my network. I need help to eliminate this issue.
I am attaching a snapshot of the Wireshark packet capture. Thanks a bunch.
Not knowing what your network looks like, you could try storm control (on at least the (trunk) interfaces connecting your switches), e.g.:
storm-control broadcast level pps 8000
Thank you for your response. Let me do R&D on this to calculate its effect on end users and applications. I will get back to you when I implement this.
- As far as 'illegal-arp-broadcasting' is concerned, it is always better to eliminate the cause before implementing storm-control; the latter should only be applied if the network is observed as being in a normal state.
Hello @Hassan Hameed,
Find where the source unicast MAC address is located in your switches and eventually shut down the port the device is connected to.
If network 10.4.0.x is not part of your network, your packet capture may be showing an attempt to perform a network discovery using ARP requests. They are coming from the same source MAC address.
However, open one frame, get the source MAC address and look for it using
show mac address-table address <address>
If you find a port, it is wise to shut it down.
If there are multiple MAC addresses used as source, you may create a quarantine VLAN with no L3 services and move the ports where these source MAC addresses are learned to the quarantine VLAN; then each affected device should be cleaned and recovered.
Hope to help
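
Added example, not part of any reply above: a Python sketch of the "get the source MAC address and look for it" step, generalized to several sources. It tallies ARP requests per source MAC and prints each heavy requester in the dotted form used with `show mac address-table address`. It assumes the capture was exported with `tshark -r capture.pcap -Y "arp.opcode == 1" -T fields -e arp.src.hw_mac -e arp.src.proto_ipv4 -e arp.dst.proto_ipv4`; the file name, the `min_targets` threshold, the function names and the sample lines are all assumptions made for this example.

```python
from collections import defaultdict

# Constructed sample, not taken from the thread's capture: source MAC,
# sender IP and target IP, tab-separated as tshark -T fields prints them.
SAMPLE = "\n".join(
    [f"00:11:22:33:44:55\t10.1.1.20\t10.4.0.{i}" for i in range(1, 7)]
    + [f"aa:bb:cc:00:11:22\t10.1.1.31\t10.4.0.{i}" for i in range(50, 55)]
    + ["00:de:ad:be:ef:01\t10.1.1.7\t10.1.1.1"] * 2  # host resolving its gateway
)


def cisco_mac(mac):
    """Convert aa:bb:cc:dd:ee:ff to the aabb.ccdd.eeff form IOS uses."""
    digits = mac.replace(":", "").replace("-", "").lower()
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def arp_scanners(text, min_targets=4):
    """Return (mac, requests, distinct_targets) for every source MAC that
    asked for at least min_targets different IPs, busiest first.
    min_targets is an assumed threshold; tune it to the VLAN's normal traffic."""
    requests = defaultdict(int)
    targets = defaultdict(set)
    for line in text.splitlines():
        fields = line.split("\t")
        if len(fields) != 3:
            continue  # skip blank or malformed lines
        mac, _sender_ip, target_ip = fields
        mac = mac.lower()
        requests[mac] += 1
        targets[mac].add(target_ip)
    rows = [
        (cisco_mac(mac), requests[mac], len(targets[mac]))
        for mac in requests
        if len(targets[mac]) >= min_targets
    ]
    return sorted(rows, key=lambda row: row[1], reverse=True)


if __name__ == "__main__":
    for mac, count, distinct in arp_scanners(SAMPLE):
        print(f"{mac}  requests={count}  distinct_targets={distinct}")
        print(f"  show mac address-table address {mac}")
```

A source that asks for many different addresses is worth tracing to its switch port first; a host that repeatedly resolves only its gateway stays below the threshold.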