Tuesday, May 28, 2019

Odd ARP Issue...

I'm at a bit of a loss, as is our lead network engineer. About 3 years ago, we replaced an old Cisco ASA firewall with a new Palo Alto. All of a sudden, all Windows machines were unable to talk off their LAN. They could talk just fine on their own LAN, but could not ping their gateway. We came to find out that if we ran an arp -a on the Windows devices, they were learning the wrong MAC address for the gateway's IP address. Adding a static ARP entry on each Windows box has band-aided the problem, but I'm wanting to get it fixed for real. This seems to happen on both VMs and physical Windows boxes on the network, but doesn't seem to affect anything else (several Linux boxes, a dozen or so Cisco switches, wireless radios, etc...). It also only seems to be related to the gateway address, as these Windows boxes can ARP everything else on their LAN no problem. I'm not aware of any gratuitous ARPs, and have been unable to locate any via Wireshark either.

Until we put the static ARP entries in new Windows boxes, they seem to be ARPing with a destination of "IPv4mcast_3f:e0:01" according to my Wireshark capture. This is different from all the other ARPs that the same machine and other machines are making to the standard ff:ff:ff:ff:ff:ff address. This 3f:e0:01 is the MAC address that gets added to the ARP table if I do an arp -a on the Windows box.

Has anyone seen an issue like this before? It really has me scratching my head. Any help/hints would be appreciated.

x-post on /r/windows
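
A check for the symptom described in the post, as an added example that is not part of the original post: it parses Windows arp -a output and reports any unicast IP whose cached MAC has the multicast (group) bit set. The sample output and its addresses are constructed, and the gateway's MAC is written as 01-00-5e-3f-e0-01 on the assumption that Wireshark's "IPv4mcast" label stands for the 01:00:5e prefix.

```python
import ipaddress
import re

# Constructed sample of Windows `arp -a` output (all addresses are made up).
SAMPLE_ARP_OUTPUT = """
Interface: 192.168.10.25 --- 0xb
  Internet Address      Physical Address      Type
  192.168.10.1          01-00-5e-3f-e0-01     dynamic
  192.168.10.40         00-50-56-aa-bb-cc     dynamic
  192.168.10.255        ff-ff-ff-ff-ff-ff     static
  224.0.0.22            01-00-5e-00-00-16     static
  255.255.255.255       ff-ff-ff-ff-ff-ff     static
"""

# One table row: IPv4 address, dash-separated MAC, entry type.
ENTRY = re.compile(
    r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s+"
    r"((?:[0-9a-fA-F]{2}-){5}[0-9a-fA-F]{2})\s+(\w+)\s*$"
)

def is_group_mac(mac):
    """True when the I/G bit (lowest bit of the first octet) is set."""
    return bool(int(mac.split("-")[0], 16) & 0x01)

def suspicious_entries(arp_output):
    """Return (ip, mac, type) rows where a unicast IP maps to a group MAC."""
    findings = []
    for line in arp_output.splitlines():
        match = ENTRY.match(line)
        if not match:
            continue  # interface banner, column header, blank line
        ip_text, mac, kind = match.groups()
        try:
            ip = ipaddress.IPv4Address(ip_text)
        except ValueError:
            continue  # octet out of range, not a real address
        mac = mac.lower()
        # Multicast IPs and broadcast rows legitimately carry group MACs.
        if ip.is_multicast or mac == "ff-ff-ff-ff-ff-ff":
            continue
        if is_group_mac(mac):
            findings.append((ip_text, mac, kind))
    return findings

if __name__ == "__main__":
    for ip, mac, kind in suspicious_entries(SAMPLE_ARP_OUTPUT):
        print(f"{ip} resolves to group MAC {mac} ({kind} entry)")
```

Run against the output captured on an affected machine before the static entry is added, it lists the gateway row; once the static entry holds the gateway's real unicast MAC, it lists nothing.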


