home *** CD-ROM | disk | FTP | other *** search
- Path: sparky!uunet!usc!news
- From: tli@skat.usc.edu (Tony Li)
- Newsgroups: comp.dcom.sys.cisco
- Subject: Re: Router Problem Caused by Errant Host
- Date: 28 Aug 1992 17:31:20 -0700
- Organization: University of Southern California, Los Angeles, CA
- Lines: 35
- Sender: tli@skat.usc.edu (Tony Li)
- Message-ID: <l9thaoINN51u@skat.usc.edu>
- References: <9vdnx8#.badboy@netcom.com>
- NNTP-Posting-Host: skat.usc.edu
-
- In article <9vdnx8#.badboy@netcom.com> badboy@netcom.com (Jay Keller) writes:
-
- We recently experienced a failure of our Cisco router due to the following
- scenario:
-
- One of our workstations, running IBM TCP/IP for OS/2, was improperly
- configured. The file that controls the IP address and the default routing
- was typo'ed such that the machine was accidentally assigned the same IP address
- as the Cisco router. This brought down a major part of our network as the
- Cisco stopped routing. Several hours were spent finding the problem.
-
- First of all, what troubleshooting techniques would have led our team to
- discover the exact nature of the problem more quickly?
-
- The router will note this and issue a warning message to the console
- and to its syslog host when this occurs. This message will include
- the MAC address of the station that it thinks is misconfigured:
-
- %IP-4-DUPADDR: Duplicate address 160.89.32.8 on Ethernet0, sourced by
- 0000.0c00.aecc
-
- It will also work to defend its address by generating a gratuitous ARP
- reply and it will continue to route packets. Unfortunately, if the
- hosts ARP cache is still confused, there is not too much that the
- router can do.
-
- Secondly, is there any way to protect against this sort of thing?
-
- The only way that I know of is to hard wire the ARP entry of the
- router in all hosts.
-
- Tony
- --
- Tony Li - Escapee from the USC Computer Science Department tli@usc.edu
- The net is not what it seems.
-
