sherwood@nstn.ns.ca (John Sherwood) (02/23/91)
We are seeing corrupted ARP entries on our AGS at times (software 8.0(19)). The situation looks like this:

    -------+
           |
           |-----------> ether 0 connection to host A
    cisco  |
           |-----------> ether 1 connecting to host B
           |
    -------+

Host A is IP 129.173.1.100 on subnet 129.173.1.0 on ether 0.
Host B is IP 129.173.2.140 on subnet 129.173.2.0 on ether 1.

The problem comes when host B (a PC) fires up with a corrupted config file which says "myip=129.173.1.100". The PC then broadcasts a gratuitous ARP reply with the wrong IP address.

The big problem now comes about because the AGS believes this ARP reply, even though it is on the wrong subnet! The AGS enters the new ethernet address and new ether interface number into its ARP table. However, packets addressed to 129.173.1.100 still go out ether 0, but with host B's ethernet address.

cisco says that this is normal behavior, but I find that hard to believe. Normal or not, it is causing us problems because anyone on campus can disable any of our mainframes with a simple misconfig.

Suggestions, anyone?

John Sherwood
Dalhousie University
Halifax, Nova Scotia
sherwood@ac.dal.ca
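The scenario in the post above, replayed as an added example that is not part of the original post and is not cisco's code: an ARP table that accepts any reply, next to one that only accepts a reply whose sender IP belongs to the subnet of the interface it arrived on. The /24 masks, the MAC addresses and the function names are assumptions made for the illustration.

```python
import ipaddress

# Interface subnets from the post; the /24 mask is an assumption.
INTERFACES = {
    "ether0": ipaddress.ip_network("129.173.1.0/24"),
    "ether1": ipaddress.ip_network("129.173.2.0/24"),
}


def naive_update(table, iface, sender_ip, sender_mac):
    """Behaviour described in the post: any ARP reply overwrites the entry."""
    table[sender_ip] = (sender_mac, iface)
    return True


def checked_update(table, iface, sender_ip, sender_mac):
    """Accept the reply only if the sender IP belongs to the subnet
    configured on the interface the frame arrived on."""
    if ipaddress.ip_address(sender_ip) not in INTERFACES[iface]:
        return False  # wrong subnet for this interface: drop, keep old entry
    table[sender_ip] = (sender_mac, iface)
    return True


def replay(update):
    """Replay the scenario: host A is learned on ether0, then host B
    announces host A's address on ether1. MAC addresses are constructed."""
    table = {}
    update(table, "ether0", "129.173.1.100", "02:00:00:00:00:0a")  # host A
    accepted = update(table, "ether1", "129.173.1.100", "02:00:00:00:00:0b")  # host B
    return accepted, table["129.173.1.100"]


if __name__ == "__main__":
    for fn in (naive_update, checked_update):
        print(fn.__name__, replay(fn))
```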