ARP Entry in a switch

Similar Messages

• Question on ARP table on 3750 switch

  Hi,
  So I have a cisco 3750 switch directly connected to a 2851 router gig 0/0 interface.
  Should the show arp command on the switch show an entry for the IP and mac address of the routers gig 0/0 interface?
  I dont see one in there now and was just wondering.
  Connectivity between the switch and router work fine right now.
  thanks

  HI Bill,
  if u can ping from Swicth ro router,,,,then please check with this command: sh ip arp.
  Just for Info;
  To be able to ARP a device, you must have an interface (SVI) on that switch on that network. To ARP a device you must have an interface with a layer 3 IP on the same layer 2 vlan.
  You will need to connect to a switch that has an interface on that vlan on it. I would traceroute to the host, and hopefully the next to last hop is the layer 3 switch, or if it's a router, connect to it and do a show cdp neighbors and see if you can find the switch that way. (If you do connect to the router, you'll find the ARP entries there, if it's a layer 3 switch, then it's both a router and switch in one box)
  "sh mac address-table". This will give which MAC is connected to which port.
  "sh ip device tracking interface gigabitEthernet ". This will give which IP is connectd to a port.
  "sh ip arp" will give you a IP to MAC table
  Regards
  Dont forget to rate helpful posts.

• 802.1x router loses ARP entry

  Firs of all, Hello All. In new to this community.
  A have a strange problem i want to share with you. Possibly a bug but maybe it is me who does something wrong.
  My network looks like this:
  [RADIUS] --- [C881] --- [SG200 Switch] ---[WinXP]
  One of SG200 interfaces is set as a Supplicant ant it authenticates in RADIUS (FreeRADIUS) server via C881 router. WinXP and other PC clients authenticate in RADIUS via SG200.
  Now: Authentication works perfectly. Ports open as they're supposed to. I'm able to reach RADIUS from SG200 and vice versa but there is a problem with WinXP. When i connect it to SG200 it authenticates, port opens and I'm able to reach RADIUS or any host on the left hand side but only for 300 seconds. After that period of time C881 looses WinXP from its ARP table and any communication fails. I cant even reach C881's interface facing SG200. Then i type:
  c881(config-if)#dot1x port-control force-authorized
  C881 learns WinXP's MAC and IP again and all gets back to normal. When I type
  c881(config-if)#dot1x port-control auto
  after 300 seconds C881 forgets WinXP again and communication brakes down.
  How is it possible that a router forgets MAC of host its continuously "talking" with?
  Have you ever seen this kind of behaviour? I tried with two other software revisions on C881 and resoult is always the same. Bug or feature?

  Hi.
  Are you sending the session-attribute from the free radius server?
  To be honest im not sure what you mean, but i have strong suspicion that my problem has nothing with freeradius.
  Host authentication works perfectly. When i connect WinXP directly to routers switch ports everything works fine. Either the switch itself has a connection to the router all the time - even when WinXP and C881 dont see each other.
  Furthermore - All ports are authenticated and open all the time, its' state doesn't change. Reauthentiction is turned off.
  When the problem occurs i see no traffic to radius server. hre is how it looks:
  When i connect WinXP to the switch it works at the begining.
  I check ARP table on the router - WinXP is there.
  I periodically check ARP table and after ap. 300 seconds (default arp entry timeout) WinXP disappears and communication brakes down.
  Additionally when i change ARP timeout value to shorter or longer communication breaks earlier or later respectivly

• Static Arp Entry for Exchange 2010

  Hello All,
  I was hoping someone could assist with an issue that our Exchange team are having, specifically with replication traffic traversing our DC to DR site.
  The infrastructure consists of a Layer 3 data centre and a disaster recovery site, so essentially its a live/backup environment. Both the DC and DR site are connected with a LES using routed interfaces.
  The Exchange cluster at the DC is associated with the following subnets:
  MAPI - 10.1.30.X
  Replication: 10.1.230.X
  DR site has the following subnets associated with the exhange cluster :
  MAPI - 192.168.4.X
  Replication - 192.168.230.X
  When an attempt is made to create a database/mailbox on an exchange server at the DC and copy it using  the replication subnet source: 10.1.230.X to destination subnet: 192.168.230.X, the copy process fails.
  Replication traffic in general going from DC to DR or vice-versa is subject to constant problems and seems unreliable. Our exchange team have to manually copy mailboxes from one cluster to the other using Windows explorer which works fine.
  The Exchange cluster at both sites reside within a VMWare ESX enclosure and connect to Cisco 6500 switches. Would the Cisco switches require a static arp entry for their respective Exchange clusters, which should be configured on each switch? If this was missing could this be the root cause of the replication problems we're experiencing? Or does this depend on whether the exchange cluster is using NLB Unicast or Multicast mode?
  Any assistance would be most appreciated.
  Regards,
  Jamie

  Jamie,
  Have a look at this link:-
  http://www.cisco.com/en/US/products/hw/switches/ps708/products_configuration_example09186a0080a07203.shtml
  It depends on how the team NLB is set up.
  You may need static mac & static arp as well as disabling igmp snooping if multicasting is bein used.
  Regards,
  Alex.
  Please rate useful posts.

• Arp entries on 3850

  On my 3850 (running 3.3.1) i have 1600+ entries in the arp table for a given vlan but I'm not acting as the gateway for the devices connecting to it (i'm trunked to the core which is acting as the gateway but I do have ip routing enabled on my 3850). I've put the nmsp attachment suppress command on all physical interfaces to resolve another issue I was having.
  Is having all these arp entries expected behavior? I've tried to delete 1 ip in the table which I knew wasn't valid but my switch seems to ignore it as the entry is still there.
  The reason I ask was due to a small unicast flooding issue I seemed to have (since gone away). I was told it may have been due to the switch having an arp entry for a mac addresses it didn't know and hence was flooding the switch. The person was surprised to see so many arp entries given i wasn't a gateway for this vlan.
  Thanks

  Hi,
  If you issue "show running config all" command you can see all configuration lines of this switch including the default settings. Here is an example for one of the vlan interface configuration. As you can see "proxy-arp" is enabled globally & interface level by default.
  3850-2#sh running-config all | in proxy            
  no ip arp proxy disable
  3850-2#sh running-config all | be interface Vlan1410
  interface Vlan1410
  ip address 10.141.103.242 255.255.248.0
  ip redirects
  ip unreachables
  ip proxy-arp
  ip mtu 1500
  ip load-sharing per-destination
  ip cef accounting non-recursive internal
  ip pim dr-priority 1
  ip pim query-interval 30
  ip mfib forwarding input
  ip mfib forwarding output
  ip mfib cef input
  ip mfib cef output
  ip route-cache cef
  ip route-cache
  ip split-horizon
  ip igmp last-member-query-interval 1000
  ip igmp last-member-query-count 2
  ip igmp query-max-response-time 10
  ip igmp version 2
  ip igmp query-interval 60
  ip igmp tcn query count 2
  ip igmp tcn query interval 10
  load-interval 300
  carrier-delay 2
  no shutdown
  ipv6 nd reachable-time 0
  ipv6 nd ns-interval 0
  ipv6 nd dad attempts 1
  ipv6 nd prefix framed-ipv6-prefix
  ipv6 nd nud igp
  ipv6 nd ra lifetime 1800
  ipv6 nd ra interval 200
    ipv6 redirects
    ipv6 unreachables
  snmp trap link-status
  cts role-based enforcement
  arp arpa
  arp timeout 14400
  spanning-tree port-priority 128
  spanning-tree cost 0
  hold-queue 75 in
  hold-queue 40 out
  no bgp-policy accounting input
  no bgp-policy accounting output
  no bgp-policy accounting input source
  no bgp-policy accounting output source
  no bgp-policy source ip-prec-map
  no bgp-policy source ip-qos-map
  no bgp-policy destination ip-prec-map
  no bgp-policy destination ip-qos-map
  This post explain "proxy-arp" behaviour well.
  http://www.cisco.com/c/en/us/support/docs/ip/dynamic-address-allocation-resolution/13718-5.html
  In your case all the SVI defined & end host gets default-gateway IP correctly, there is no need for "proxy-arp" enabled on SVI. You can safely disable it (globally or interface level)  and check if that help to mitigate your arp cache issue.
  3850-2(config)#ip arp proxy disable
  or
  3850-2(config)#int vlan 1410
  3850-2(config-if)#no ip proxy-arp
  HTH
  Rasika
  **** Pls rate all useful responses ****

• No ARP entries for VLAN X

  I have a question about ARP. I have a number of VLANs configured on a 6500 switch most of the vlans routing interfaces are also on the 6500. One of the VLANS use a static route pointing to a remote router for the routing interface. My question is: APP works fine for all vlans that are reouted localy by the 6500, but there are no arp entries for VLAN X that is routed remotely. I thought ARP was a L2 not L3. If someone could clear this up for me it would be great. Thanks

  If you have a route to another router on the same VLAN, then the 6500 will ignore any incoming ARP requests for IP addresses on the VLAN except its own address.
  I presume that the hosts on the VLAN have been configured with the other router as default gateway. In that case, the traffic from that VLAN would never go near the 6500.
  However, if a host did send a packet to the 6500 destined for an address that is off the VLAN, then the 6500 would forward it in the normal way. It would then depend whether you have ICMP re-directs enabled on that VLAN interface. If you do not, then the 6500 would have no reason to put the host in its ARP cache. But if you have ICMP re-directs enabled, then the 6500 would have to ARP to find the MAC address of the host in order to send its ICMP re-direct.
  In fact, the 6500 will only make an ARP table entry if it has a packet to send to the host, either because it has to forward a packet that came from outside VLAN, or because it needs to send an ICMP re-direct to the host to tell it to use the other router.
  Does that make sense?
  Kevin Dorrell
  Luxembourg

• ARP Entry not seen in Backup Router

  Hi,
  we have two routers,one primary and a secondary configured with HSRP.HSRP is working fine.
  But when we see the arp entry in these routers,for some given IPs, the arp entry is listed in primary router but not in the secondary router.
  Also,Cam Entries can be seen in the switch, but arp entry can't be seen in MSFC (ie Secondary Router).
  Can anyone address this issue??
  Regards,
  Nirmal.

  Nirmal,
  By default, ARP entries age out of the ARP cache after certain period of time (i believe it's 4 hrs). Since the standby HSRP device wouldn't be forwarding any traffic to the hosts this behavior is normal. Should the standby HSRP router become the active one and then it would arp and resolve the IP to MAC address.
  Pls. rate all helpful posts.
  HTH,
  Sundar

• How to setup a static multicast ARP entry with Cisco SF300-08?

  We're running a cluster in multicast mode as a  loadbalancer.
  We have Cisco SF300-08 and when we adding a static ARP entry results in an error message telling the user that the hardware address needs to be a valid  unicast MAC address.
  So how to setup a static multicast in Cisco SF300 or maybe someone know other solution to setup multicastes mode in Cisco SF300.

  Hi, Tom!
  We have two watchguard xtm505(cluster active-active) in our network. Watchguard interfaces have one ip and one mac adresses. IP 192.168.111.1(Unicast) and MAC 01:00:5e:02:02:03(multicast).  Cisco SF300 is router to outside networks(to internet). Cisco IP adresss is 192.168.111.254. There are another some hosts in this network.
  Ping from hosts to 192.168.111.254 works well. Ping from hosts to 192.168.111.1 works well too.  But there is no ping from watchguard cluster(192.168.111.1) to Cisco(192.168.111.254). And there is no routing to internet
  This is well-known situation. We need to do following(example for cisco 3750):
  1.    Start the Cisco 3750 command line interface.
  2.    Add a static ARP entry for the multicast MAC address of the FireCluster interface.
  Type this command:
  arp arpa
  For this example, type:
  arp 192.168.111.1 01:00:5e:02:02:03 arpa
  3.    Add an entry to the MAC address table.
  Type this command:
  mac-address-table static vlan interface <#>
  For this example, type:
  mac-address-table static 01:00:5e:02:02:03 vlan 1 interface gi1/0/11
  But we can't add arp entry on Cisco SF300. CLI tells us "MAC address illegal"!
  We tried enable igmp snooping, but is not helps.
  Could you tell more detailed about MAC groups?

• Arp entries becoming zero

  Hi,
  We have Sun 1280 servers running in our lab. We observe that sometime arp entries for some interfaces become zero suddenly.
  Here is the warning we observe in /var/adm/messages :-
  09:53:50 ca-a ip: [ID 903730 kern.warning] WARNING: IP: Hardware address '00:00:00:00:00:00' trying to be our address 024.094.103.069!
  14:32:17 ca-a ip: [ID 903730 kern.warning] WARNING: IP: Hardware address '08:00:20:ad:37:18' trying to be our address 024.094.103.068!
  Any help ?
  Thanks
  Akhil Jain

  Hello,
  the default ARP timeout on the MSFC is 14400 seconds, or 4 hours. The CAM (MAC address table) default timeout is 300 seconds.
  You actually might want to set the CAM agingtime to 4 hours as well, in order to avoid possible IP unicast traffic flooding...
  HTH,
  GP

• How Cisco represent Arp entry's aging time in SNMP MIB

  Hi there,
  I found : when a laptop roamed between an office and a meeting room and used two different IP addressed in these two places, there are two active IP arp entry in Cisco with different aging time.
  Please see the screenshot for "sh ip arp".  My question is how Cisco represent the aging time in SNMP MIB. Is there any cisco proprieatry MIB to represent the aging. I want find the latest arp entry from SNMP. I can't see any useful field in ipNetToMediaEntry, ipNetToPhysicalEntry and cInetNetToMediaEntry. 
  Not sure if cInetNetToMediaLastUpdated is related, but I have never get any snmpwalk result from this oid yet.
  Liam

  This value is not available via SNMP.
  This information comes via IP-MIB and the IP-MIB's ipNetToMedia table will just give you the hardware address, network address, associated interface, and entry type (e.g. static, dynamic, etc.).
  -Thanks
  Vinod

• Problem adding permanent ARP entry

  I tried to add permanent ARP entry but without success.
  Alway expires after 30 sec.
  Does anyone have idea what to do/check.
  >sudo arp -S 192.168.1.254 0:f:94:25:ea:41 ifscope en1
  >arp -axn
  Neighbor                Linklayer Address Expire(O) Expire(I)    Netif Refs Prbs RSSI    LQM     NPM   
  192.168.1.254           0:f:94:25:ea:41   22s       20s            en1    1 none unknown unknown unknown

  I tried to add permanent ARP entry but without success.
  Alway expires after 30 sec.
  Does anyone have idea what to do/check.
  >sudo arp -S 192.168.1.254 0:f:94:25:ea:41 ifscope en1
  >arp -axn
  Neighbor                Linklayer Address Expire(O) Expire(I)    Netif Refs Prbs RSSI    LQM     NPM   
  192.168.1.254           0:f:94:25:ea:41   22s       20s            en1    1 none unknown unknown unknown

• Creating arp entry within stream module

  HI all.
  I'm tying to create an arp entry from within a stream modules stacked between eri and ip. My module is loaded on two interface (eri0 and eri1) and is use as a mangler for packet flowing through it. It take a packet on one interface do some processing on it if neccessary and put it on the other. My two interface are set in promiscious mode using dlpi promisc on message. This way the server become transparent to the network if placed in the critical path. My problem is the server must have only one ip address configured.
  Ex:
  Here there my two stream.
  (1)
  arp
  ip -- 192.168.0.10
  me
  eri0
  (2)
  arp
  ip -- 1.1.1.1
  me
  eri1
  I got some host on the network on both side of my server which is in the critical path between the two segment of the same network. ( hope i'm clear). host on segment can talk to other on the other side perfectly. host on the side of the interface with the valid ip address can communicate with service running on the server but the one on the side with the dummy ip can't. This is because there is no arp entry in the table for this ip with the valid interface (eri0). If i add one myself it work fine. I must mention that there is an entry in the arp table for the host ip with the invalid interface and that i respond myself to the arp request comming from the side of the invalid interface. When a connection is tried to the eri1side i see arp request from my server on the read queue of my module comming from eri0 because of promiscious mode data feedback. I send this request on the other queue and when i get the reply I tried to sending M_PROTO DL_UNITDATA_IND on the queue of the valide interface. Whitout success as you could see.
  I read on other post. That's was because of the fastpath routing. I actually see ioctl message comming downstream when i load my module ont both interface. I tried founding info about these but couldn't. Could i just respond to this ioctl with IOCNACK with the same data to disable? Is this a request to enable fast routing? (the first two byte are 0x4050 if i remember)
  If you know what i'm trying to do is impossible please tell me.
  Thank's.
  Seb.

  It is possible. I effectivly have to disable fast path for it to work. to disable you have to intercept M_IOCTL msg and qreply with M_IOCNAK - EINVAL if it's a DL_IOC_HDR_INFO ioc_cmd. This ioctl isn't the 0x4050???? one but is 0x0000440a.

• What is the maximum number of ARP entries (IPv4) and ND entries (IPv6) supported in our controllers?

  Q: What is the maximum number of ARP entries (IPv4) and ND entries (IPv6) supported in Aruba controllers?
  A: The maximum number of static ARP entries supported is about 2048 for M3/72xx/70xx platforms.
  The maximum number of static ARP entries supported is about 128 for 6xx platforms.
  The maximum number of static ND entries supported is about 2048 for M3/72xx/70xx platforms.
  The maximum number of static ND entries supported is about 128 for 6xx platforms.

  a)It depends upon software level. b) 16,000 per card, With release 9.3:
  60K Connections Support on BXM-E—Provides the ability to support a maximum of 60K per card for VSI applications for the BPX 8600, for example, PNNI or MPLS, used on enhanced BXM-E cards.

• Static ARP entry command no worky with vlan

  Anyone know why this happens? I'm trying to enter a static arp entry and assign it to a specific vlan, for example:
  arp 192.168.200.1 aaaa.bbbb.cccc arpa vlan 15
                      % Invalid input detected at '^' marker
  When this is entered it errors out and marks the word vlan like it is invalid, though it is a valid option when inching forward using the ? help character. I tried multiple iterations and the only other response I get is if I enter vlan 1. To that the router responds with:
  Bad ARP command - Interface may only be specified when bridging IP
  Is one to assume that the vlan need not be specified? I opted to enter the vlan only for uniformity, but then when it behaved strangely I became curious. I wonder in what scenario adding the vlan to an arp entry would be valid and acceptable.
  Thanks, Mike

  Hello,
  What you experienced is the normal behavior. The L3 device does not allow
  you to specify the interface when you are operating in routed mode. Based on
  the address you have configured, it will automatically allocate the static
  ARP entry to appropriate interface. If you have entered an IP that does not
  belong to any subnet, then all interfaces will consider that ARP entry. Only
  if you configure two interfaces in bridge mode (like in the case of PPPoE
  scenarios), then you can specify the interface ID.
  Hope this helps.
  Regards,
  NT

• Static arp entries in zones

  Hi
  I'm aware of, and experiencing the problem with my arp table being poisoned. I'm working on updating the Broadcom drivers but in the meantime need to set some static entries in arp. My setup has the global zone configured on e1000g0, with a second interface e1000g1 used by a non-global-zone, alll interfaces are shared. The global zone has no ip and neither is it up on e1000g1, only plumbed. My point being this, when I create a static arp entry for my the non-global-zones default gateway, which can only be done in the global zone, it is assigned to the e1000g0 device. There is a learnt entry for the same gateway (same ip) but on the e1000g1 interface. Ideally I want the learnt entry removed and the static entry assigned to the e1000g1 interface.
  Is this possible, and if not am I worrying about a problem that doesn't exist. My fear is that the non-global-zone only being aware of the e1000g1 device will only use the learnt arp entry which is in danger of changing.
  If any of this made sense, please can you advise whether there is a potential problem and if it can be rectified.
  Thanks

  813137 wrote:
  Hi
  I'm aware of, and experiencing the problem with my arp table being poisoned. I'm working on updating the Broadcom drivers but in the meantime need to set some static entries in arp. My setup has the global zone configured on e1000g0, with a second interface e1000g1 used by a non-global-zone, alll interfaces are shared. The global zone has no ip and neither is it up on e1000g1, only plumbed. My point being this, when I create a static arp entry for my the non-global-zones default gateway, which can only be done in the global zone, it is assigned to the e1000g0 device. There is a learnt entry for the same gateway (same ip) but on the e1000g1 interface. Ideally I want the learnt entry removed and the static entry assigned to the e1000g1 interface.
  Is this possible, and if not am I worrying about a problem that doesn't exist. My fear is that the non-global-zone only being aware of the e1000g1 device will only use the learnt arp entry which is in danger of changing.
  If any of this made sense, please can you advise whether there is a potential problem and if it can be rectified.Unless your global zone gets an address on the same subnet as the NGZ for e1000g1, it can't add
  a static arp entry in the shared IP configuration..
  OTOH, you can do this with exclusive IP zones, which is really a much cleaner config/administrative model.
  I'd suggest: set up the NGZ as ip-type exclusive, assign it e1000g1, and let the NGZ itself add the static arp entry
  --Sowmini