Strange Arp table

Hi
using solaris 10, I found that arp command output shows some confusing
entry..
for example: the MAC address of Gateway is not really the MAC what my cisco
gateway in reality has but the MAC shown in arp output is of NIC on a
windows 2003 server which is not supposed to be gateway or a router nor is
the 2003 machine configured for such routing/gateway services.
Could it be something wrong in solaris 10 ? or wrong in windows 2003 os or
hardware ? Solaris 10 is on sparc and windows 2003 is on a Dell power edge
1955..while actual gateway is cisco and working fine as per the network guys
but I am not sure..
any ideas ?
Thanks

Hello,
We are having similar issues. We are running T2000s and T5140s, Solaris 10 5/08, patched to the June 2008 EIS DVD, plus kernel patch 137111-06. Entries in these Sun servers' ARP tables are being overwritten.
server1# arp -a | grep server2
nxge0 server2.fubar.com 255.255.255.255 00:14:4f:46:6b:4e
server1# arp -a | grep server2
nxge0 server2.fubar.com 255.255.255.255 00:1e:c9:3a:16:c0
Those two arp -a commands were run a few minutes apart. The first one is server2's real MAC address. The second one is the MAC address of a Dell Windows server.
Sun Support says it's because as of Solaris 10 Update 4 (or kernel patch 120011-14), they are adhering more closely to RFC 826. Sun Support is blaming the Dell Windows servers with Broadcom ethernet cards on our network. Sun says that they need to be patched. See the following: http://support.dell.com/support/topics/global.aspx/support/dsn/en/document?c=us&dl=false&l=en&s=gen&docid=49F4FB5AA612CFF6E040A68F5A28020D&doclang=en&cs
The problem is, our Windows support team is patching the Dell servers, but it is not fixing the problem.
We are escalating the problem within Sun, and are asking them for a workaround. It is all noble and good that Sun is adhering closely to RFC 826, but they must understand that by doing so, they are essentially making our Sun servers unusable.

Similar Messages

Sometimes Local Address not in ARP table and Ping fails (network problem?)

I see something like this on our network a couple of times a week.
The same replies have been received from different hosts.
ping fails
local subnet machine is not in arp table
ping fails
local subnet machine is not in arp table
traceroute may or maynot succeed
If traceroute succeeds an entry is in the arp table
if traceroute fails no entry will be in the arp table.
A netstat -s, ont the local host, doesn't show any thing strange except that udpNoPorts=10844982 (Unfortunately I don't know what udpNoPorts is)
The remote host IS UP.
Does anyone have an idea as to why this is happening?
Can our 100mb network, which is not that busy, be loosing that many ICMP or ARP messages?
This is a problem because I'm the guy getting paged if a system is down.
Local host is Solaris 7 on same subnet at IP 168.173.8.8
Remote hosts are usually NT boxes.
/usr/sbin/ping -svR stpaul_web2 56 3
----stpaul_web2.agribank.com PING Statistics----
3 packets transmitted, 0 packets received, 100% packet loss
/usr/sbin/arp stpaul_web2
stpaul_web2 (168.173.8.143) -- no entry
/usr/sbin/ping -svR stpaul_web2 56 3
----stpaul_web2.agribank.com PING Statistics----
3 packets transmitted, 0 packets received, 100% packet loss
/usr/sbin/arp stpaul_web2
stpaul_web2 (168.173.8.143) -- no entry
/usr/sbin/traceroute stpaul_web2
1 stpaul_web2.AGRIBANK.COM (168.173.8.143) 2995.868 ms 0.231 ms 0.211 ms
/usr/sbin/arp stpaul_web2
stpaul_web2 (168.173.8.143) at 0:1:2:cc:a3:51
Any help is greatly appreciated.
Ks

Hi,
I Think you need to do Teaming on the servers.
++ configure etherchannel between switch and the server.
configuring etherchannel b/w 4503 and server:
================================
http://www.cisco.com/en/US/tech/tk389/tk213/technologies_configuration_example09186a008089a821.shtml
Sample NIC Teaming - HP NICs with Cisco Switches (EtherChannel) :
==============================================
http://support.citrix.com/article/CTX434260
There are several NIC teaming technologies available today from switch vendors. Cisco uses the term “EtherChannel.” Various switch vendors use various terms, and these may or may not provide the same exact functionality. Use of EtherChannel technology requires support from the server hardware vendor, NIC vendor, and Layer-2 switch vendor.
Hope this helps
Cheers
Somu
Rate helpful posts

ARP table not populating mac address for previously reachable IP address

Router has been online and working fine with one BGP neighbor for almost 2 years and no downtime. 2 weeks ago, added a 2nd BGP peer. Everything worked fine for 2 weeks, then all of a sudden yesterday the 2nd BGP peer is disconnected and does not come back. ISP checks and sees everything looks fine on their end. We cannot even ping each other now.
Upon investigation, the ARP table is not even populating the MAC address for the BGP peer IP anymore (same local subnet). Stays "incomplete" in the table no matter what we do, including clearing arp table, changing IP address, etc.
Plug a laptop directly into the 2nd BGP peer FE port and replicate the IP addressing. Laptop cannot ping Router, but Router CAN ping laptop. Check ARP table, but STILL no mac address assigned and now not even the ARP table showing "incomplete".
Thinking it could be the FE interface, switch to the 2nd FE interface and perform same laptop test, this time with arbitrary IP addressing. Now cannot ping each other, no MAC in ARP table.
End up rebooting the router and lo-and-behold, everything is working normally again. 2nd BGP peer peers up instantly.
I should also mention that the 1st BGP peer worked flawlessly throughout, taking all the Internet load and having no issues throughout.
Also, the FE ports for the 2nd BGP peer are on an HWIC FE card plugged into the router. The 1st BGP peer is plugged into the built-in GE interface. 2901 running: c2900-universalk9-mz.SPA.151-4.M4.bin
Lastly, no router resource issues, no error messages, no logs. Just the BGP peer disconnecting.
I have never, in 20 years working with Cisco routers seen something like this before. This is the most fundamental aspect of IP and Ethernet that was not working.
Has anyone ever seen this behavior before??
Here is the router config (IP's changed):
version 15.1
service timestamps debug datetime msec localtime show-timezone
service timestamps log datetime msec localtime show-timezone
service password-encryption
service internal
service sequence-numbers
boot-start-marker
boot-end-marker
logging buffered 150000
aaa new-model
aaa authentication login LAUTHEN local
aaa authentication login TAUTHEN local group tacacs+ enable
aaa authorization console
aaa authorization exec LAUTHOR local if-authenticated
aaa authorization exec TAUTHOR local group tacacs+ if-authenticated
aaa session-id common
clock timezone PST -8 0
clock summer-time PDT recurring
no ipv6 cef
no ip source-route
ip cef
no ip domain lookup
multilink bundle-name authenticated
username ubiadmin privilege 15 secret 4 .JbeuWXuZvchrG0OL.5BftFtqrrEyxcnVHn5rIuCnTk
username umitsnoc01 privilege 15 secret 4 cUmoRUjey9O1x.wk9S.kleX.iAAhCwihupr6Z98p6OA
redundancy
ip ssh version 2
track 1 interface GigabitEthernet0/0 line-protocol
class-map match-any AutoQoS-VoIP-RTP-Trust
match access-group name SIP-Media-INBOUND
class-map match-any AutoQoS-VoIP-Control-Trust
match ip dscp cs3
match ip dscp af31
class-map match-any Customer-Voice
match access-group name Customer-VPNs
class-map match-any media
match access-group name SIP-Media
class-map match-any signaling
match access-group name SIP-Signaling
policy-map AutoQoS-Policy-Trust
class AutoQoS-VoIP-RTP-Trust
priority percent 70
class AutoQoS-VoIP-Control-Trust
bandwidth percent 5
class class-default
fair-queue
policy-map queue
class signaling
bandwidth percent 5
class media
priority percent 50
class Customer-Voice
priority percent 40
class class-default
fair-queue
policy-map shape
class class-default
shape average 10000000
service-policy queue
interface Embedded-Service-Engine0/0
no ip address
shutdown
interface GigabitEthernet0/0
description BGP Peer 1
ip address 2.2.2.2 255.255.255.252
no ip redirects
ip flow ingress
ip flow egress
duplex auto
speed auto
service-policy output shape
interface GigabitEthernet0/1
description LAN
ip address 1.2.3.4 255.255.255.0
no ip redirects
ip flow ingress
ip flow egress
standby 255 ip 1.2.3.1
standby 255 priority 105
standby 255 preempt
standby 255 mac-address 1a2b.3c4d.5e6f
standby 255 track 1 decrement 10
duplex auto
speed auto
service-policy output AutoQoS-Policy-Trust
interface FastEthernet0/0/0
description BGP Peer 2
ip address 1.1.1.1 255.255.255.252
ip flow ingress
ip flow egress
duplex full
speed 100
service-policy output shape
interface FastEthernet0/0/1
no ip address
shutdown
duplex auto
speed auto
router bgp 7777
bgp router-id 2.2.2.2
bgp log-neighbor-changes
network 1.2.3.0 mask 255.255.255.0
neighbor 1.1.1.2 remote-as 5555
neighbor 1.1.1.2 update-source FastEthernet0/0/0
neighbor 1.1.1.2 prefix-list L3-DEFGW in
neighbor 1.1.1.2 route-map L3-LPREF-IN in
neighbor 2.2.2.1 remote-as 6666
neighbor 2.2.2.1 ebgp-multihop 2
neighbor 2.2.2.1 update-source GigabitEthernet0/0
neighbor 2.2.2.1 send-community
neighbor 2.2.2.1 prefix-list COLO-DEFGW in
neighbor 2.2.2.1 route-map COLO-LPREF-IN in
neighbor 2.2.2.1 route-map COLO-OUT out
ip forward-protocol nd
ip bgp-community new-format
ip as-path access-list 5 permit _5555_
ip as-path access-list 5 deny .*
ip as-path access-list 10 permit ^6666$
no ip http server
no ip http secure-server
ip flow-top-talkers
top 50
sort-by bytes
ip route 0.0.0.0 0.0.0.0 1.1.1.2 254 name L3
ip route 0.0.0.0 0.0.0.0 2.2.2.1 255 name COLO1
ip route 10.0.0.0 255.0.0.0 10.10.10.10 name FW_OUTSIDE
ip tacacs source-interface GigabitEthernet0/1
ip access-list standard SNMP_SOURCES
permit 12.12.12.0 0.0.0.255
deny any log
ip prefix-list L3-DEFGW seq 5 permit 0.0.0.0/0
ip prefix-list COLO-DEFGW seq 5 permit 0.0.0.0/0
ip prefix-list COLO-LPREF-OUT seq 5 permit 1.2.3.0/24
route-map COLO-LPREF-IN permit 5
match as-path 5
set local-preference 250
route-map COLO-LPREF-IN permit 10
set local-preference 150
route-map COLO-LPREF-IN permit 20
route-map COLO-OUT permit 10
match ip address prefix-list COLO-LPREF-OUT
set as-path prepend 7777 7777 7777
set community 29795:1004
route-map COLO-OUT permit 20
route-map L3-LPREF-IN permit 10
match as-path 10
set local-preference 200
route-map L3-LPREF-IN permit 20
set local-preference 150
snmp-server enable traps snmp authentication linkdown linkup coldstart warmstart
snmp-server enable traps vrrp
snmp-server enable traps flowmon
snmp-server enable traps transceiver all
snmp-server enable traps ds1
snmp-server enable traps call-home message-send-fail server-fail
snmp-server enable traps tty
snmp-server enable traps license
snmp-server enable traps envmon
snmp-server enable traps ethernet cfm cc mep-up mep-down cross-connect loop config
snmp-server enable traps ethernet cfm crosscheck mep-missing mep-unknown service-up
snmp-server enable traps flash insertion removal
snmp-server enable traps mac-notification
snmp-server enable traps aaa_server
snmp-server enable traps cef resource-failure peer-state-change peer-fib-state-change inconsistency
snmp-server enable traps memory bufferpeak
snmp-server enable traps config-copy
snmp-server enable traps config
snmp-server enable traps config-ctid
snmp-server enable traps event-manager
snmp-server enable traps hsrp
snmp-server enable traps cpu threshold
snmp-server enable traps rsvp
snmp-server enable traps syslog
snmp-server enable traps vtp
snmp-server enable traps ipsla

When you were checking the ARP table was there an entry for Fast0/0/0?
HTH
Rick

Verizon 9100EM Router - ARP Table No Longer Working

I have the Westell 9100EM router from Verizon. The router allows to set static DHCP connections using a function called ARP Table (under Advanced menu). It actually used to work. However, when I attempted to add a new static connection today, ARP Tbale was no longer working. It shows connections that I set up in the past but does not allow to add any new connection or even to change anything.
Specifically, the ARP Table now has only three columns (IP Address, Physical Address, and Device). There used to be several additional columns (Lease Type, Connection Name, Status, and Action), which are now gone. The "Action" column had links from where one could change the setting. It also had the option "New Static Connection", which is now gone as well.
Any idea what the reason could be?
Thanks a lot.

It seems to me that the router's firmware (OS if you will) was upgraded OR downgraged.
If you are the original poster (OP) and your issue is solved, please remember to click the "Solution?" button so that others can more easily find it. If anyone has been helpful to you, please show your appreciation by clicking the "Kudos" button.

Strange ARP Problems with C170 and AsyncOS 9

after upgrading to asyncOS 9.0 (Ironport C170) we have the following problem.
For better understanding a short explanation (without all network devices)
The traffic flow is
Lan --- Application Firewall ---Ironport
During a connection between the Firewall and the Ironport, the Ironport is unable to make a response.
It seems the Ironport is unable to make an arp resolution for the virtual cluster ip from the firewall.
E.g. ping from the firewall with the virtual cluster ip as source won't work.
Ping from the firewall with the physical interface as source works fine.
AsyncOS prior to version 9 has not such problems.
The arp table shows following entry for the virtual cluster ip (AsynOS)
(xxx.xxx.103.254) at (incomplete) on em1 expired [ethernet]
Explantation:
xx.103.254 with mac 01:00:5e:19:67:fe = virtual cluster ip
xx.103.128 with mac 00:e0:ed:37:05:1a = physical interface ip
Ping from "xxx.103.254 Cluster IP" as source to xxx.103.135 (cisco Ironport) as destination
The ICMP Packet went from the virtual Cluster Interface (xxx.25.103.254) with mac-adress 05:1a (physical interface) to the ironport.
The ironport makes an arp request...who is xxx.25.103.254?..and receives as answer the OTHER mac-address (virtual Clusterinterface) 67:fe.
I think, the ironport with the new asyncOS has some troubles with this 2 different mac-addresses.
No. Time Source Destination Protocol Length Info
10 4.115231 xxx.25.103.254 xxx.25.103.135 ICMP 98 Echo (ping) request id=0xaa26, seq=0/0, ttl=64 (no response found!)
Frame 10: 98 bytes on wire (784 bits), 98 bytes captured (784 bits)
Ethernet II, Src: Silicom_37:05:1a (00:e0:ed:37:05:1a), Dst: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a)
Internet Protocol Version 4, Src: xxx.25.103.254 (xxx.25.103.254), Dst: xxx.25.103.135 (xxx.25.103.135)
Internet Control Message Protocol
No. Time Source Destination Protocol Length Info
11 4.115251 Cisco_9c:ba:3a Broadcast ARP 42 Who has xxx.25.103.254? Tell xxx.25.103.135
Frame 11: 42 bytes on wire (336 bits), 42 bytes captured (336 bits)
Ethernet II, Src: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
Address Resolution Protocol (request)
No. Time Source Destination Protocol Length Info
12 4.115365 Silicom_37:05:1a Cisco_9c:ba:3a ARP 60 xxx.25.103.254 is at 01:00:5e:19:67:fe
Frame 12: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)
Ethernet II, Src: Silicom_37:05:1a (00:e0:ed:37:05:1a), Dst: Cisco_9c:ba:3a (50:3d:e5:9c:ba:3a)
any ideas?

Try a different DNS server.
Open System Preferences > Network > Advanced > DNS
Click + and type:
208.67.222.222
Click + again and do the same.
208.67.220.220
Click OK.
Then try Safari or Mail.

Cisco EA4500 ARP Table?

Hello,
I am trying to do the following:
Add a static entry in your router’s ARP table with your device’s MAC address, so it won’t be removed after a time of inactivity (time that depends on the ARP table timeout).
I can't seem to find the ARP table in the settings. Any help would be appreciated.
Thanks

I believe this router doesn't have that feature. Tried searching the net but it’s showing that only business class routers have this feature. This router only has the DHCP client table.

LAN - ARP Table

Hello,
I'm not sure if someone has come across this before. But they might enlighten me.
Under what circumstances would you see ARP enteries on a switch for subnets out side of the local subnet?
Example 2 switches back to back everything in default vlan 1. These uplink to a pair of routers running HSRP.
I would expect to see x.x.x.200 /24
arp enteries for devices on the switches
but not addresses outside of this range.
Any input appreciated.
Thank you.

Suppose you are talking layer2 switches like the 2950 series?
First of all, this has nothing to do with the switching process on the access ports. The arp table on a switch is only used for the IP management interface. ARP entries will appear for anything that you contact from the console.
Typically anything beyond your local subnet is covered by a default gateway but when the switch is using proxy-arp for address resolution you can see anything on your network.
Regards,
Leo

Delete ARP table entry

I need to create a program to delete an entry in the ARP table in Windows 7 with LabVIEW or TestStand. The test that I am developing communicates with the DUT over Ethernet. Each DUT has the same IP address to start but different MAC addresses. I am noticing that there can be long delays in the test execution when trying to connect and deleting the previous entry in the ARP table seems to help. But currently I have to do this manually through the command line. The command "arp -d" requires elevated privileges. I have been having a tough time getting LabVIEW to elevate the system exec. Does anybody have an ideas? Is there any .NET access to the ARP table?
Thanks,
Paul
Solved!
Go to Solution.

I would try looking into tuning the ARP timing parameters in Windows.
We suffered from various TCP performance/connection problems some years ago and our solution was to modify the the default number of TCP sockets and timeouts (we were experiencing port exhaustion). The tweeks eliminated most of our problems, no LV/TS code changes required.
I tried to find info on ARP settings for Windows 7, but it seems that there is much less info available than ther is for XP.
The registry keywords most common for older versions of Windows were "ArpCacheLife" and "ArpCacheMinReferencedLife"
EDIT:
These settings were apparently removed in Vista. I found this on the M$ site; they may apply to later versions as well since M$ is following an RFC for ARP management...
http://support.microsoft.com/kb/949589
Now is the right time to use %^<%Y-%m-%dT%H:%M:%S%3uZ>T
If you don't hate time zones, you're not a real programmer.
"You are what you don't automate"
Inplaceness is synonymous with insidiousness

Gratuitous ARPs do not populate the router ARP Table

Hello,
In order to debug an ARP problem in a Firewall cluster environment, I connected a one-armed router on the public VLAN of the firewall cluster, in order to observe the ARP cache behaviour during a switchover. I configured a loopback interface on this router and a default route to this loopback interface to simulate a real router.
When a switchover occurs between firewall cluster members, the active member sends Gratuitous ARPs for all NATed IP addresses. In my environment, I have 110 NATed addresses configured on the firewall.
By launching a "debug arp" on the one armed router, I clearly see all 110 gratuitous ARPs arriving on the router, but the ARP cache of the router is NOT populated with the 110 entries...
Note : The command is configured on the one armed router :
Router(config)# ip arp gratuitous local
What can be the problem ? Is there any condition for a router to accept Gratuitous ARPs ?
Thank you for any help
Yves

Hi
Gratuitous arp is used when a host wants to inform the switch that the mac-address has changed eg.
You have a cluster which has redundant connections and an IP to mac-address mapping. If the active NIC fails the IP address is moved across to the standby NIC but the standby NIC has a different mac-address. So the cluster sends out a gratuitous arp which informs the switch of the new IP to mac-address mapping.
The reason you might not want to allow gratuitous arp is that you might not want your switch updating it's arp table based on annoucements from devices on the LAN as you could very easily spoof mac-addresses and corrupt the arp cache.
HTH
Jon

MAC-to-IP address ARP table?

The SNMP MIB entry ipNetToMediaPhysAddress gives the MAC address from the ARP table, referenced by the IP. Is there a table available anywhere in some router MIB that would give the equivalent of "MediaPhysAddressToipNet" (reverse) information so that an IP address in the ARP table could be referenced using the MAC address?
RFC1213 section 3.6 alludes to a future document that would define a MIB for CLNP and it would contain two tables for mappings in both directions. But I've not been able to find anything else about that.
I'm trying to avoid pulling the entire ARP table from the router (several thousand entries makes it take about 90 seconds and it drives the CPU to 100%) just to get a single MAC-to-IP address mapping when that info is needed.
--Scott

I haven't run across any such object, and a quick check of my 15.0 router yields nothing I missed.
You might consider doing periodic collection of the ARP table (e.g. when most users are logged into the network) to have a cache through which to search for this kind of information. This is how the Campus Manager User Tracking application works. By default, it polls the ARP table (along with swithc MAC/CAM tables) at 10:00 and 14:00 to build a table of all connected users. From this one can search for IPs, MACs, and even usernames.

Esw-540-48 - direclty connected to port 34, still no MAC in ARP table

Hi all,
I have a ESW-540-48 with firmware 2.1.21 (latest)
I have the strangest problem: I can 't find the MAC address of a computer plugged directly on the switch in the ARP table.
I'm trying to search by MAC address, and also by port .
If I reboot the switch, it does work as expected.
Do you think it is software related, and in this case is there anything planned to solve this problem ?
Or maybe I should just replace my hardware ?
Thanks

Hi Firco, it may be possible it is a smart port issue. The ESW switches are very particular to use the correct smart port roles for the connecting devices. I don't think a hardware replacement is warranted unless the given ports absolutely failed to forward.
As a secondary thought, it could also be a spanning tree issue. Ensure you're using RSTP and/or the host ports have port fast enabled. If using classic spanning tree it takes nearly a minute for a port to go to forwarding state. You can disable spanning tree on the port for testing to quickly rule that out.

3750G won't "age out" old arp table entries

WS-C3750G-24TS running
12.2(20)SE4, RELEASE SOFTWARE (fc1).
sho mac-address-table aging-time
Vlan Aging Time
253 300
252 300
254 300
255 300
1 300
251 300
The aging is not working. I can failover some devices I have and the mac-address of the old device associated the the IP never ages out. "Clear arp" makes the standby unit respond to pings and connectivity to the standby unit is 100% after the "clear arp".
Showing the arp cache, I can see the IP associated with the old mac-address and the "age" keeps increasing, not decreasing with the old mac-address.
It also doesn't matter if the Primary unit has been rebooted, switch keeps the old mac-address associated the Primary unit.
Suggestions?

I think permanent entry should have been made into the arp cache using the "arp ip-address hardware-address type" command.
To remove this arp entry, you can try "clear arp-cache".This will delete all dynamic entries from the ARP table.
for more details, refer the following page:
http://www.cisco.com/en/US/products/sw/iosswrel/ps1828/products_command_reference_chapter09186a00800ca5b0.html#1017562

WOL and ARP Tables in BT Home Hub 2

Hi,
I have noticed several posts on the forum around the matter of WOL and also using port-forwarding to games devices but have not seen any definitive answer to my question.
I am wanting to use WOL in order to access my home PC from a netbook when away from home without having to leave it on all the time.
I have my PC set up to WOL using WOL Magic Packet Sender and DynDNS. This all works fine until the Home Hub refreshes its ARP table and it no longer finds my PC.
I have managed to set things up so I have a telnet connection to the hub and can run arp -a to see the existing entries. However, whenever I try to do an arp -s inet_addr mac_addr it comes up with Segmentation Error. I have tried deleting all reference to my PC and adding the static entry from my netbook but this gives the same result. I have tried both with DHCP and static addresses in the PC.
Does anyone know if it is possible to set up a permanent ARP entry in the Home Hub, please? BT online support say they are not trained in such matters (after disconnecting me twice) and suggest phoning in for chargeable help.
Cheers,
Joan

I'd like to do this too. I had it set on my previous ISP's Thompson 585v7 router, which is hardly cutting edge so I'd hope it's possible with the Home Hub.

Have to "clear arp" table to get traffic to pass

I have a very unusual problem that I can't figure out. We have a 2800 series router we are using as our voice gateway. It has been running fine for about 6 months but then a few days ago, it started dropping off the network every 10 minutes or so. We initially found that unplugging the patch cable and pluggint it back in would correct the problem temporarily for another 10 minutes or so. However, now we have discovered that the simply running "clear arp" on the router gets it back up and running.
Here is what happens. The router drops off the network, not pingable by CallManager or Unity. If we do a clear arp, it is immediately back up and going again.
We have updated the IOS, even changed from spservices to ip voice ios, moved it to a different switch, and even set the arp entries manually, but we still have to clear arp every few minutes to keep it up. When it stops responding on the network, we can console into it and look at the arp table, and its right. But until we issue a clear arp, it can't connect to certain network devices like CM and Unity.
Any ideas?

The problem is almost surely due to duplicate addresses somewhere. Someone has probably accidentally configured the gateway address as the static IP address on a different device on the same LAN segment. Or, the gateway address was accidentally given out via DHCP.
Regardless, I'd bet money that something like this happened.

Host not showing up in ARP table

Hi,
I am having an interesting/weird problem with one of my Catalyst 6509 switches.
The setup is as follows:
HostA - Switch1 - Switch2 - HostB
There is routing in place for HostA to reach HostB and vica versa.
I am testing this using ICMP. There is nothing blocking ICMP traffic on any of the devices.
Problem in question: I can only ping HostB from HostA (or Switch1) if HostB is found in the ARP table of Switch2. Pretty normal you might say since we need Switch2 to route/switch the packet to HostB and that will of course only happen if the ARP table is populated.
But what happens is the following:
I ping from HostA to HostB. It fails. I check Switch2 and I see that HostB is nowhere to be found in its ARP table.
Next I ping HostB from Switch2 (5 packets). First packet fails, last 4 I get a reply. I check and see that now HostB is to be found in the ARP table of Switch2.
Now I ping HostB from HostA and it works fine.
This behaviour is happening for all hosts in the subnet (VLAN) of HostB. I cannot reach them until I ping them from Switch2, after which they're in the ARP table and everything works.
Maybe it something different than the ARP table not being populated all together, but that is for now all I noticed. Does this problem ring a bell with anyone. And is there a fix?
It looks to me like Switch2 is malfunctioning, although I have no idea what is. Furthermore this apears to be working ok for a lot (read: all) of the other VLANS on Switch2.
Anyway. I'd love some help in troubleshooting this one.
kind regards,
Kevin

This goes back to the way switches (or bridges) work. They have to see a frame from an end device to know its MAC address and once they see it they add an entry in their CAM (or MAC) table. The entry basically tells the switch that a specific MAC is reachable via a particular port and this is meant to prevent subsequent flooding of unicast frames. In short an end device needs to send at least one frame for the switch to 'see' it. Another point to remember is that each entry in the CAM table has an age associated with it and if a switch does not see subsequent frames from that host it will age out the entry and start flooding all frames destined to this MAC address until it is learnt again (and learning is done only when the owner of the MAC starts to communicate again).
Kevin,
Can you please explain your topology in a bit more detail? I am looking for information like what is the default gateway of each VLAN, how are the VLANs spread across the two switches, any HSRP configurations and if yes who is the active for what VLAN, routing between switches, etc. This will help us troubleshoot the problem in a more effective manner.

Strange Arp table

Similar Messages

Maybe you are looking for