Path: utzoo!utgpu!news-server.csri.toronto.edu!cs.utexas.edu!sdd.hp.com!spool.mu.edu!uunet!bonnie.concordia.ca!nstn.ns.ca!sherwood
From: sherwood@nstn.ns.ca (John Sherwood)
Newsgroups: comp.dcom.sys.cisco
Subject: trashed ARP entry
Message-ID: <1991Feb22.161243.5726@nstn.ns.ca>
Date: 22 Feb 91 16:12:43 GMT
Distribution: comp
Organization: NSTN Network Operations Centre, Nova Scotia, Canada
Lines: 31

We are seeing corrupted ARP entries on our AGS at times (software 8.0(19)).
The situation looks like this:

      -------+
      |      |-----------> ether 0 connection to host A
 cisco|      |
      |      |-----------> ether 1 connecting to host B
      |      |
      -------+

Host A is IP 129.173.1.100 on subnet 129.173.1.0 on ether 0.
Host B is IP 129.173.2.140 on subnet 129.173.2.0 on ether 1.

The problem comes when host B (a PC) fires up with a corrupted config file
which says "myip=129.173.1.100". The PC then broadcasts a gratuitous ARP
reply with the wrong IP address.

The big problem now comes about because the AGS believes this ARP reply,
even though it is on the wrong subnet! The AGS enters the new ethernet
address and new ether interface number into its ARP table. However,
packets addressed to 129.173.1.100 still go out ether 0, but with host B's
ethernet address.

cisco says that this is normal behavior, but I find that hard to believe.
Normal or not, it is causing us problems because anyone on campus can
disable any of our mainframes with a simple misconfig.

Suggestions, anyone?

John Sherwood
Dalhousie University
Halifax, Nova Scotia
sherwood@ac.dal.ca
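The check the poster wishes the router had made is simple to state: an ARP reply is only trustworthy for the subnet of the interface it arrived on. The following is an added example (not from the post, not Cisco code) that models an ARP cache in two modes: a "trusting" mode that reproduces the behaviour described above (the bogus entry from ether 1 overwrites host A's entry) and a strict mode that rejects replies whose sender IP does not belong to the receiving interface's subnet and flags any entry whose MAC or interface changes. The /24 masks, the interface names, and the MAC addresses are assumptions; the post does not state them.

```python
import ipaddress
from dataclasses import dataclass

# Interface -> subnet. The post gives the subnets 129.173.1.0 and 129.173.2.0
# but not the mask; /24 is assumed here.
INTERFACES = {
    "ether0": ipaddress.ip_network("129.173.1.0/24"),
    "ether1": ipaddress.ip_network("129.173.2.0/24"),
}


@dataclass(frozen=True)
class ArpReply:
    iface: str        # interface the frame was received on
    sender_ip: str    # IP the sender claims
    sender_mac: str   # hardware address in the reply


def validate_arp_reply(reply, interfaces=INTERFACES):
    """Return (accept, reason). Accept only if the claimed IP lies in the
    subnet configured on the interface the reply arrived on."""
    net = interfaces.get(reply.iface)
    if net is None:
        return False, f"unknown interface {reply.iface}"
    ip = ipaddress.ip_address(reply.sender_ip)
    if ip not in net:
        return False, f"{ip} is not in {net} on {reply.iface}"
    return True, "ok"


class ArpTable:
    """Minimal ARP cache. strict=False mimics the AGS behaviour in the post;
    strict=True applies the subnet check before learning an entry."""

    def __init__(self, interfaces=INTERFACES, strict=True):
        self.interfaces = interfaces
        self.strict = strict
        self.entries = {}   # ip -> (mac, iface)
        self.alerts = []    # human-readable log of rejections and changes

    def learn(self, reply):
        if self.strict:
            ok, reason = validate_arp_reply(reply, self.interfaces)
            if not ok:
                self.alerts.append(
                    f"REJECT {reply.iface} {reply.sender_ip} "
                    f"{reply.sender_mac}: {reason}")
                return False
        old = self.entries.get(reply.sender_ip)
        new = (reply.sender_mac, reply.iface)
        if old is not None and old != new:
            # A changed MAC or interface for a known IP is the signal a
            # NOC would want to see, whether or not the entry is accepted.
            self.alerts.append(f"CHANGE {reply.sender_ip}: {old} -> {new}")
        self.entries[reply.sender_ip] = new
        return True


# Constructed sample traffic: host A answers normally on ether 0, then the
# misconfigured PC on ether 1 sends a gratuitous reply claiming A's address.
# MAC addresses are made up for the example.
SAMPLE = [
    ArpReply("ether0", "129.173.1.100", "02:00:00:00:00:0a"),
    ArpReply("ether1", "129.173.1.100", "02:00:00:00:00:0b"),
]


def run(strict):
    """Feed the sample replies through a table and return it."""
    table = ArpTable(strict=strict)
    for r in SAMPLE:
        table.learn(r)
    return table


if __name__ == "__main__":
    for mode in (False, True):
        t = run(strict=mode)
        print(f"strict={mode}: 129.173.1.100 ->", t.entries["129.173.1.100"])
        for a in t.alerts:
            print("  ", a)
```

With strict=False the cache ends up pointing 129.173.1.100 at the ether 1 MAC, which is exactly the state the post describes; with strict=True the second reply is logged and discarded and host A's entry survives. The CHANGE alert is worth keeping even in strict mode, since a legitimate NIC swap and a spoof on the correct subnet look the same at this layer.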