cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
594
Views
0
Helpful
4
Replies

LAN ISSUE

Chennai NOC
Level 1
Level 1

HI in our LAN we find a weird issue. Our ip range is 172.20.48.0 /20, when to try to ping any ip address from the pc it resolves to ips in the network range 172.20.62.x or 63.x and the MAC address for those IPs seems to be same, i have attached the screenshots of the same, pls help me to find out is that spoofing attack and how to resolve this issue....

4 Replies 4

satish_zanjurne
Level 4
Level 4

What DNS server are you using ??

Do "nslookup 172.20.48.x" see to which IP address it is resolving .

make sure your DNS entries are correct , if it is not Dynamic DNS !!

That MAC address is a Cisco box. Is it doing some sort of proxy I wonder?

Giuseppe Larosa
Hall of Fame
Hall of Fame

Hello Chennai,

I think this is caused by proxy-arp enabled on a Cisco device likely to have a longer more specific prefix configured on it.

It will try to answer requests for some IP addresses in order to help a PC by sending its own MAC address because it has a route to the destination address.

look for the MAC address on your LAN switches to locate this device

Hope to help

Giuseppe

Chennai NOC
Level 1
Level 1

Hi all thanks for the replies, the issue is sorted out, i handle cisco NAC implemetation in my office. Since there was a looping issue caused by NAC few weeks back all ppl were suspecting that Cisco NAC clean access server was the issue. Actually the issue is in the 172.20.48.0/20 network we have our core switch as our gateway 172.20.48.1 in that for a particular host range 172.20.55.1 - 200 lies a project that needs internet access to connect the vpn clients.

So our network engg configured a source based routemap to redirect the mentioned ips to internet firewall... and also the securities guys have configured a nat pool for some the home user who connect to our office as 172.20.63.x

So whenever i started pinging from the hosts in 55 network we were getting replies from 63 network,, thats the issues....

Review Cisco Networking for a $25 gift card