Showing results for 
Search instead for 
Did you mean: 

Frequent ARP request broadcast for Who has x.x.255.255? from S-Series root switch in RSTP VLAN

Frequent ARP request broadcast for Who has x.x.255.255? from S-Series root switch in RSTP VLAN

New Contributor
We are getting average of 1 pps and peaks of 60 pps of these packets, from Wireshark trace.

Please kindly share information on what is the cause of these broadcasts and how to minimize the frequency.


Screenshots of Wireshark decode and IO graph below:




New Contributor
Thank you Erik,

Do we know why the ARP requests for the subnet broadcast address are particular to the S-series?

We started seeing these packets only after replacing the N-series root and backup root switches under an upgrade program.

The N-series Configuration Guide states that IP-directed broadcasts are disabled in the default setting -- the configuration files did not have any reference to directed-broadcast.

The start of the N-series root switch config file is as shown below; I am still trying to secure copy of the config file for the S-series.


## Config File was imported 12-14-2015 09:24:21 from SWROOT (7C103) N3 Chassis ##

set banner motd "Configuration imported from SWROOT on 12-14-2015 09:24:21 running firmware rev DFE-P-6123-0003"
set ip address x.x.81.1 mask
set ip route default x.X.81.1


New Contributor
As additional fyi that might provide more clarity for this query; the following are extracts from S-Series root switch config:

# Chassis Firmware Revision:
# ___ ________________
# 1 SSA-G8018-0652
# modal configuration
configure terminal
interface vlan.0.2
ip address x.x.81.1 primary
no ip proxy-arp
no ip forwarding
no shutdown
# ip interface
set ip interface vlan.0.2 default

Looks like no IP forwarding and the S-series switch does not have interface in the DMZ, only in VLAN-2.

There is also "no ip directed-broadcast" setting found in the "show config all"; so this feature is disabled, by default.

Can I use "ping x.x.255.255" to see if similar ARP requests are generated?

Looks like we just have to live with these subject ARPs.

As a quick test you could block SNTP on an S-Series using an ACL. You would lose time synchronization for that switch for the duration of this test.

Another possible test would be to generate a different directed broadcast packet and see if ARP requests are generated (note that ARP request generation is rate limited).

If there are other packets sent to the local broadcast address x.x.255.255, those should result in ARP requests from the S-Series as well.

You might want to take a look at the following GTAC Knowledge article (the 7100 switches use the same EOS as the S and K Series):

I think you do not want the S-Series switches to act as routers. If the S-Series have interfaces in both the VLAN-2 and the DMZ, by default they would forward IP packets between both networks.

BTW, enabling directed broadcasts on SVIs is needed to send a directed broadcast from a different network to the SVI's subnet only. As I understand it the directed broadcast is generated inside the network it is destined for, no forwarding needed.

New Contributor
PS. All known hosts have static pre-assigned IP addresses and host names are defined inside the "hosts" files.