Static ARP entry problem on 6500

Unanswered Question
Dec 1st, 2008

We've been having problems with our ARP tables either being overrun with entries or entries that don't time out and relearn correctly. Either way it's caused us to be unable to manage some equipment until running "clear arp" on the 6500. After that the network relearns the ARP entries and you can once again communicate with the device. I mentioned this to another engineer and they said I might want to create static ARP entries for all of my gear to prevent this in the future. So I tried it out first by starting with one of our VoIP phone adapters. Here's what I get; I've removed the IP address since it's public.

#arp x.x.x.x 0019.cb1c.105f arpa vlan 21
Bad ARP command - Interface may only be specified when bridging IP

If I leave off "VLAN 21" the entry is taken without error, but there still seems to be a problem: the other learned ARP entries show the correct VLAN information to the right, but my static entry does not. My VoIP adapter also seems to stop working when I configure the static ARP entry on the switch.

Internet x.x.x.x 76 001c.c465.a90e ARPA Vlan21
Internet x.x.x.x 9 0011.95bd.05c1 ARPA Vlan21
Internet x.x.x.x - 0019.cb1c.105f ARPA
Internet x.x.x.x 148 0004.f202.7780 ARPA Vlan21

Anyone have any recommendations or any clue to the behavior that I'm seeing?

Here's the configuration for the VLAN interface:

interface Vlan21
 description to ## Site 1 #
 ip address 172.20.1.1 255.255.255.0 secondary
 ip address x.x.x.x 255.255.255.128
 ip helper-address x.x.x.x
 no ip redirects
 ip dhcp relay information trusted

Currently running version:

s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB11a

Giuseppe Larosa Mon, 12/01/2008 - 12:28

Hello Eli,

Vlan 21 is an L3 object interface.


But it should be usable as parameter in the arp command.

This can be a platform specific issue.


However, you should verify also if the device(s) that are filling the ARP table are configured with proxy-arp enabled.

This can create problems if there are devices that answer with their MAC address instead of the legitimate devices.

Find out these MAC addresses and, if the devices are under your control, disable proxy-arp. Use:

int fx/y
 no ip proxy-arp


Also I'm not sure that a static ARP cannot be overridden by an ARP message.

There have been other threads about this.


Hope to help

Giuseppe


Eli Barb Mon, 12/01/2008 - 14:35

Thanks for the reply.


From what I'm reading a person only needs proxy-arp enabled if the hosts connected don't have a gateway IP configured or the devices are operating under the assumption of a flat network. Since most hosts will have the gateway information I can't find any compelling reason that Cisco would have this enabled by default. Is this something I can disable across the board without any negative repercussions?


I may be misunderstanding your last paragraph about a static ARP entry being overwritten by an ARP message. Had you picked up from my question that I was asking if that was possible, or were you suggesting from your past experience that you had seen or heard of a static entry being overwritten by an ARP message?


Thanks again.

Eli

Giuseppe Larosa Tue, 12/02/2008 - 00:32

Hello Eli,

In the past, during a bug analysis for the versions used in a customer network, I've seen some bugs reporting that a gratuitous ARP was even able to rewrite the ARP entry for the router LAN interface itself!

Also there was another thread here in the forum in which, in a similar issue, static ARP entries were not able to prevent the entries from being overridden by dynamic entries.

So I'm not sure that static ARP entries can solve your issue: they may or they may not.

I think that some other device in the subnet has proxy-arp enabled and is answering ARP requests instead of the legitimate devices, or even a PC infected with some malware that tries to make some man-in-the-middle attack.


Hope to help

Giuseppe
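Giuseppe's advice comes down to finding out which MAC is answering for which IPs and whether entries are being rewritten between checks. The following is an added example, not code from the thread or from Cisco: it parses the `show ip arp` format quoted in the question, compares two snapshots, and flags the three things discussed above (a static entry with no interface column, an entry whose MAC changed, and one MAC answering for several IPs). The IP addresses in the sample snapshots are constructed; the MACs are the ones quoted in the question.

```python
import re
from collections import defaultdict

# One line of IOS "show ip arp" as quoted above: Internet <ip> <age|-> <mac> ARPA [VlanN]
ARP_LINE = re.compile(r"^Internet\s+(\S+)\s+(\S+)\s+([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})"
                      r"\s+ARPA(?:\s+(\S+))?$")

def parse_arp(text):
    """Return {ip: (mac, interface or None, is_static)} for one snapshot."""
    table = {}
    for line in text.splitlines():
        m = ARP_LINE.match(line.strip())
        if m:
            ip, age, mac, intf = m.groups()
            table[ip] = (mac, intf, age == "-")   # age "-" marks a static entry
    return table

def audit(before, after):
    """Compare two snapshots and return a list of (kind, detail) findings."""
    findings = []
    by_mac = defaultdict(set)
    for ip, (mac, intf, static) in after.items():
        by_mac[mac].add(ip)
        if static and intf is None:                  # the symptom reported in the question
            findings.append(("static-no-intf", ip))
        if ip in before and before[ip][0] != mac:    # entry rewritten since the last snapshot
            findings.append(("mac-changed", (ip, before[ip][0], mac)))
    for mac, ips in by_mac.items():                  # one MAC answering for several IPs:
        if len(ips) > 1:                             # proxy-ARP or a host spoofing replies
            findings.append(("shared-mac", (mac, sorted(ips))))
    return findings

# Constructed sample snapshots (IPs invented; MACs are those quoted in the thread).
SNAP_BEFORE = """Internet 10.21.0.10 76 001c.c465.a90e ARPA Vlan21
Internet 10.21.0.11 9 0011.95bd.05c1 ARPA Vlan21
Internet 10.21.0.12 - 0019.cb1c.105f ARPA
Internet 10.21.0.13 148 0004.f202.7780 ARPA Vlan21"""
SNAP_AFTER = """Internet 10.21.0.10 3 0011.95bd.05c1 ARPA Vlan21
Internet 10.21.0.11 12 0011.95bd.05c1 ARPA Vlan21
Internet 10.21.0.12 - 0019.cb1c.105f ARPA
Internet 10.21.0.13 150 0004.f202.7780 ARPA Vlan21"""

def audit_samples():
    return audit(parse_arp(SNAP_BEFORE), parse_arp(SNAP_AFTER))

if __name__ == "__main__":
    for kind, detail in audit_samples():
        print(kind, detail)
```

Run against two `show ip arp` captures taken a few minutes apart; a "shared-mac" hit names the MAC to chase down on the access switches, which is the first step Giuseppe suggests.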

