Solved: Router ARP Timeout problem

mikedelafield · ‎05-19-2009

Hello.

I had a problem today with ARP cahcing on a Cisco router when I replaced my Cisco ASA firewall with a new piece of hardware (complete with new MAC addresses of course!)

Upon repalcement I kept identical config and IP addresses etc, however when I came to setup the static NAT entries (using proxy ARP as usual) I was unable to connect to our default gateway Cisco router from some of the static NAT IPs.

No reponse came back from the router at all.

I presume that for some reason the Router was still caching the old ARP entires for the static NATs IP and MAC addresses.

I know the Cisco ARP default timeout is 4 hours, but I would have thought there would be some mechanism were the router re-arps or refreshes?

I have no control over the router in question so I could not clear the ARP cache and just had to wait.

Is this behaviour normal? If so, is there any way to "force" re-arp-ing when you do not have router access?

Please help.

Thanks.

rakesh.hegde · ‎05-21-2009

Hi,

Configure static NAT ips on the ASA interface one by one. The firewall will send gratuitous arps to the router, updating its arp table with the new MAC . Finally, configure the firewall interface with the correct IP and put the statics back in.Of course, all this if you can afford the down time

HTH

-Rakesh

View solution in original post

dgroscost · ‎05-19-2009

If you have physical access to the router you could always power cycle it :-)

I don't believe there is a way to do this without having administrative access (or physical access) to the router w/ the outdated cache entry.

Giuseppe Larosa · ‎05-19-2009

Hello Mike,

if you unplug the lan cable it should purge the ARP entries for the failed interface (because it is down/down)

wait 2-3 minutes

And so it should re-arp when you plug the cable again.

if this doesn't work you can only power cycle it.

Hope to help

Giuseppe

Richard Burts · ‎05-19-2009

Michael

You ask an interesting question, to which you also provide the answer:

"I know the Cisco ARP default timeout is 4 hours, but I would have thought there would be some mechanism were the router re-arps or refreshes?" Indeed there is a mechanism where the router re-arps and refreshes - and it is the 4 hour timeout. Every 4 hours an ARP entry times out, is purged, and the router re-arps for it. Your problem is that 4 hours is a long time to wait.

Dan and Giuseppe both provide answers dealing with how to shorten the waiting period. But unfortunately both of them do not seem to recognize your statement that you do not have administrative control over the router, since clearing, or unplugging a cable, or power cycling tend to imply administrative control. How many of us would unplug cables or power cycle on a router for which we did not have administrative control (causing an outage on a router that is not ours)?

Without administrative control (or at least cooperation from those who do have administrative control) I see no choice but to wait 4 hours.

HTH

Rick

HTH

Rick

rakesh.hegde · ‎05-21-2009

Hi,

Configure static NAT ips on the ASA interface one by one. The firewall will send gratuitous arps to the router, updating its arp table with the new MAC . Finally, configure the firewall interface with the correct IP and put the statics back in.Of course, all this if you can afford the down time

HTH

-Rakesh