I'm experiencing an issue that's causing a lot of problems on our LAN.
I have a Windows Server with a single NIC, 192.168.0.100
I have certain services running on the server that I am having connection issue with, database being one, SQL.
When accessing this issue I notice that if I send a broadcast arp request for the IP 192.168.0.100 it returns a bunch of different MAC addresses including the correct MAC address of the server.. I get 8 different addresses in the response.
I assume this is causing the connection issues.
My question is, I've cleared the arp table on all our Switches and Routers. (I restarted them also). How can I find out where these are stored and why are they responding for this IP.
Thanks in advance
From my linux machine:
rh@deb-967:~$ arping -b 192.168.0.100
ARPING 192.168.0.100 from 192.168.0.16 eth0
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:BB:A9] 0.582ms
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:CR:23] 0.602ms
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:C8:76] 0.613ms
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:NH:K9] 0.623ms
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:HG:39] 0.632ms
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:CF:02] 0.643ms <<-- Correct Mac
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:E6:49] 0.652ms
Unicast reply from 192.168.0.100 [xx:xx:xx:xx:DH:BU] 0.662ms
^CSent 1 probes (1 broadcast(s))
Received 8 response(s)
When I perform the same for a LAN server that's functioning correctly I get…
rh@deb-967:~$ arping -b 192.168.0.112
ARPING 192.168.0.112 from 192.168.0.16 eth0
Unicast reply from 192.168.0.112 [xx:xx:xx:xx:xx:32] 0.659ms <-- Correct MAC
Unicast reply from 192.168.0.112 [xx:xx:xx:xx:xx:32] 0.801ms <-- Correct MAC
Unicast reply from 192.168.0.112 [xx:xx:xx:xx:xx:32] 0.732ms <-- Correct MAC
^CSent 3 probes (3 broadcast(s))
Received 3 response(s)
EDIT….
Traced one of the offending MACs to a machine on the LAN, here is the IP config details…
C:\Windows\system32>ipconfig /all
Windows IP Configuration
Host Name . . . . . . . . . . . . : pc5434
Primary Dns Suffix . . . . . . . : mydomain.local
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : mydomain.local
Ethernet adapter Local Area Connection:
Connection-specific DNS Suffix . : mydomain.local
Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
Physical Address. . . . . . . . . : xx:xx:xx:xx:BB:A9
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : xxxx::11c:xxxx:30b:xxxx%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.0.78(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : 11 October 2016 17:45:01
Lease Expires . . . . . . . . . . : 19 October 2016 17:44:57
Default Gateway . . . . . . . . . : 192.168.0.1
DHCP Server . . . . . . . . . . . : 192.168.0.20
DHCPv6 IAID . . . . . . . . . . . : 230497568
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1R-3D-65-58-xx:xx:xx:xx:BB:A9
DNS Servers . . . . . . . . . . . : 192.168.0.20
192.168.0.40
NetBIOS over Tcpip. . . . . . . . : Enabled
Best Answer
I've never done this on Netgear but according to the GS700TS Smart Switch Software Administration Manual in the web interface you need to go to Switching > Address table > Basic > Address table. Select "search by mac address". Enter one of the "offending" mac addresses (e.g. xx:xx:xx:xx:BB:A9) and click Go.
This will tell you on which switchport this MAC address was learnt so then you can check which device is connected there, and check that device's IP settings.
Note that the port shown can also be a port connecting to another switch, in which case you need to repeat the above steps on that switch.