Aruba & ProVision-based
cancel
Showing results for 
Search instead for 
Did you mean: 

Arp listing contains a PC ip address but zeros for Mac addr and no port listed - ?

 
milty1017
Occasional Advisor

Arp listing contains a PC ip address but zeros for Mac addr and no port listed - ?

I have a PC on my network that is unable to ping some network devices and same network devices that also can not ping the PC - but the PC is functioning on the network - ie. - login script is working, RDP working, printing, attaching to servers, etc. 

When I ping the PC from the switch (HP PRocurve 3500YL) it is attached to it times out - then I do a Sh Arp - it is listed via IP but the mac field contains only zeros and port field is blank. 

I suspect an issue with the NIC in the PC - but as I stated it seems to work without issue on the network. 

Any Thoughts? 

Thanks.....Milty

4 REPLIES 4
Ian Vaughan
Honored Contributor

Re: Arp listing contains a PC ip address but zeros for Mac addr and no port listed - ?

Hello,

Ping is not as  good a test of end user / client devices as it used to be - lots of devices have firewall capability or just don't answer ICMP echo requests.  Yoo are correct in that if you didn't have networking you would have working network services so you must have something working right :-)

You could use a linux "live CD" or live USB image to check out that the hardware of the PC is OK. The linux distro's have a ton of network tools built into them. I use a tiny raspberry pi running linux as a very portable network toolkit.

You could use the Zenmap port scanning tool to map out your network devices and see what ports are open on which devices so that you can better secure them.

Hope that gives you some ideas.

Thanks

Ian

Hope that helps - please click "Thumbs up" for Kudos if it does
## ---------------------------------------------------------------------------##
Which is the only cheese that is made backwards?
Edam!
Tweets: @2techie4me
milty1017
Occasional Advisor

Re: Arp listing contains a PC ip address but zeros for Mac addr and no port listed - ?

Understood but I was curious as to the lack of a mac address ( all 00000000) and a empty port field ....I am wondering if it was an issue not related to the NIC - something in the switch - a setting - a port issue - etc 

Thanks, 

Milty 

Michael Patmon
Trusted Contributor

Re: Arp listing contains a PC ip address but zeros for Mac addr and no port listed - ?

Hello..  All zeroes MAC with no port ID in the ARP table generally means the MAC entry was removed, usually due to age out.  The MAC age timer is 5 minutes, the ARP age timer is 20 miinutes by default..  It can also mean an ARP entry that was once resolvable no longer is, or there is a next hop for an IP route that is not resolvable.

If you are pinging from the switch it is likely sending an ARP request and not getting a reply.  Could be a firewall issue as Ian mentioned.  If you ping fromt he PC to the switch and get a reply that is likely the case.  You could also fire up Wireshark on the PC and see what is going on.  

Re: Arp listing contains a PC ip address but zeros for Mac addr and no port listed - ?

When ARP first runs on an IP address, the field will be set to all 0's, whilst awaiting the request/response. Normally you won't see the all 0's in the arp table, because they get answered quickly. If you setup a network scan, you'll likely see some all 0's in the arp table as the scanner traverses the network (they are all shortlived, but I'm not sure how fast an unanswered arp lookup clears the corresponding arp table entry, but with a mass scan, you'll see evidence of all 0's). As there is a limit to how many ARP entries are supported, they will age out quickly if not answered.

I'm not sure about the 3500YL, but on my 5400's, when the MAC times out, it disappears from the MAC table, and the ARP table still shows the "IP and MAC address, but no longer knows which port it is on, e.g. " 172.16.0.1  c8cc00-12345 dynamic ".

I wonder whether the problem you are having is switch routing issue, client IP (gateway or subnet mask issue), and whether that switch has a route to the client device and is actually able to ping client devices (in a larger network, I'd have routing away from edge switch ports, and the switch managament IP on a separate network without access to/from data network).

Can you try a ping to/from a client on the same vlan? Plug in a PC into the same switch on the same vlan, and see if they can see each other, making sure the firewall is disabled for the test.

Can you check the client IP config details, looking for errors? e.g. gateway IP wrong, incorrect netmask.

Can you check the client ARP table, maybe paste it here?   (windows, arp -a)

Are there any errors on the switch port?  show int <port>    - check with TX or RX errors.

Can you check for switch or network problems by looking for ARP and MAC table sizes going past the limits?   not sure about your switch model and version, but the command is "show inst moni".