Cisco router spoofing?

Discussion in 'Cisco' started by Mark, Jul 17, 2003.

  1. Mark

    Mark Guest

    Last night I had the gateway router take over the IP address for one
    of my servers. I identified the router as the problem when I started a
    server reboot and was still able to ping the IP address. Checking the
    arp table on another machine revealed that it was the router
    responding rather than the server. I looked throught the NAT
    tranlation table and didn't see anything that could account for this
    behavior. After reloading the router everything returned to normal.

    I would like to make sure it dosn't happen again since I am not fond
    of getting up at 3:00am to reload the router. Does anyone have a clue
    about what I should be looking for?

    It is a 1605R router using 12.0(7)T2 IOS cisco
    Mark, Jul 17, 2003
    1. Advertisements

  2. Mark

    Paul Guest

    Maybe the router thought the IP address was on another subnet attached to a
    different segment of the network...
    Paul, Jul 17, 2003
    1. Advertisements

  3. Mark

    Mark Guest

    The router is the gateway for the host it was spoofing so it's routing
    tables would show the subnet directly connected to the ethernet port.
    Mark, Jul 17, 2003
  4. Mark

    Hapee Guest

    Hapee, Jul 17, 2003
  5. Mark

    Hapee Guest

    Try disabling proxy arp?
    Hapee, Jul 17, 2003
  6. It sounds like some type of proxy arp issue. Since proxy arp is on by default
    you may try 'no ip-proxy arp' on your Ethernet interface. If you are doing any
    dot1q or ISL trunking, and have sub-interfaces, I believe you will also need to
    issue the same command on the sub.

    David Wolfenbarger
    David Wolfenbarger, Jul 18, 2003
  7. Mark

    Mark Guest

    Disabled the proxy arp on Friday but it did the same thing again this morning.
    Mark, Jul 21, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.