Page 1 of 1

Recurring ARP Request to Switch interface

Posted: Tue Jun 18, 2019 8:57 am
by augur
Hi,

I build up a LAN2LAN connection as described with a switch which works fine. The branch switch IP is 192.168.177.6 and it get recurring ARP request from an unknown source to the switch IP. I cannot identify it but it seems related to Softether because the real LAN port the MAC is connected to is the same as the branch VPN server. Does anybody know if this is common?


2019-06-18,10:31:16.911,SID-NETGEAR1-15,SID-L3-LAN2LAN SWITCH-2,00AE2B623DA2,5EA3A61123E4,0x0806,42,ARPv4,Request,-,-,-,-,-,-,Who has 192.168.177.6? Please Tell 00AE2B623DA2(172.31.44.99),-,xx.xx.xx.xx,-
2019-06-18,10:31:16.911,SID-L3-LAN2LAN SWITCH-2,SID-NETGEAR1-15,5EA3A61123E4,00AE2B623DA2,0x0806,42,ARPv4,Response,-,-,-,-,-,-,5EA3A61123E4 has 192.168.177.6,-,-,xx.xx.xx.xx
2019-06-18,10:31:19.742,SID-L3-LAN2LAN SWITCH-2,-,5EA3A61123E4,FFFFFFFFFFFF,0x0800,85,UDPv4,-,192.168.177.6,echo(7),192.168.177.255,echo(7),-,-,-,-,-,-

18-06-_2019_10-48-46.png
Cheers,
Nils

Re: Recurring ARP Request to Switch interface

Posted: Tue Jun 18, 2019 9:29 am
by augur
I found an option "NoAddressPollingIPv4 which solved this. :-) As I do not filter IPv4 packages as I understood I can use this whichout any problems. It works really fine...as my server does send ARP every 1-2 seconds is there perhaps an option to increase the time between the keep alives send? Enable this in every virtual Hub reduced the network traffic much. Before it was at least 1 Gb a month.

Actually it seems that the virtual switch is sending ARPs only which is much better than every interface. Is this still normal or could be disabled somehow?

2019-06-18,11:37:21.714,SID-L3-LAN2LAN SWITCH-17,-,5EA3A61123E4,FFFFFFFFFFFF,0x0800,85,UDPv4,-,192.168.177.6,echo(7),192.168.177.255,echo(7),-,-,-,-,-,-
2019-06-18,11:37:21.714,SID-L3-LAN2LAN SWITCH-17,-,5EA3A61123E4,FFFFFFFFFFFF,0x0806,42,ARPv4,Response,-,-,-,-,-,-,5EA3A61123E4 has 192.168.177.6,-,-,-

Cheers
Nils

Re: Recurring ARP Request to Switch interface

Posted: Tue Jul 09, 2019 5:31 am
by cedar
You can change the feeling of polling by changing the source code.
But I think it is better to stop ARP polling if you do not need IP based restrictions or logging.