Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
12118
Views
0
Helpful
7
Replies

ARP Cache vs Mac-address-table

justin putman
Level 1
Level 1

‎03-02-2010 01:47 PM - edited ‎03-06-2019 09:57 AM

Greetings,

I am having network connectiviy issues trying to get to a server.  I noticed on the switch that there is an entry for this server in the arp table (show ip arp x.x.x.x) but when I check the mac-address-table, there is no entry related to this server.  Is this a stale arp entry that needs to be cleared or is there something I am missing?

Thanks,

Justin

Labels:
0 Helpful
7 Replies 7

contech-nelsong
Level 1
Level 1

‎03-02-2010 01:54 PM

the arp timeout is longer than the mac-address-timeout.

your assumption is correct, the arp entry is stale.

0 Helpful

Giuseppe Larosa
Hall of Fame
Hall of Fame

‎03-02-2010 02:01 PM

Hello Justin,

with default timers this means that that MAC address has been silent for more then 300 seconds (CAM aging time) and less then for 4 hours (ARP timeout), it is not a problem itself it can be an effect and not a cause.

unknown unicast frames with DA= that MAC address are flooded in the vlan as a broadcast packet, until that server sends back an answer and the switches can learn again where the MAC address is.

This can be also part of the issue if someone tries to send a lot of packets to this server they are treated as broadcast traffic.

I would check if that MAC address is the correct one comparing ARP table with server NIC MAC address

Some other device may have answered to an ARP request insted of the right one for example.

Hope to help

Giuseppe

0 Helpful

gianluca2891
Level 1
Level 1

‎03-02-2010 02:03 PM

The default ARP table aging time is 4 hours while the CAM holds the       entries for only 5 minutes.

If you issue a ping to that server, does the mac address appear in the CAM table?

0 Helpful

justin putman
Level 1
Level 1
In response to gianluca2891

‎03-02-2010 02:05 PM

Thanks for all the help guys.

No, when I try and ping the server the mac address does not appear in the CAM table.

0 Helpful

contech-nelsong
Level 1
Level 1
In response to justin putman

‎03-02-2010 02:08 PM

if you ping it from the same vlan then the arp response should come from the affected server and not the router, which should fill the cam table correctly

0 Helpful

justin putman
Level 1
Level 1
In response to contech-nelsong

‎03-02-2010 03:38 PM

Yes,

When I ping the server for the same vlan SVI, the CAM table is populated.  However, it is still unable to reach the server.  I am think the problem is on the server end as this is a really old box.

Thanks for all the help guys but I think I am going to pass this on to the Windows Team to take a look at the machine as it appears as though the network is fine.

0 Helpful

Kevin Dorrell
Level 10
Level 10
In response to justin putman

‎03-03-2010 12:13 AM

It could be simply that the server has a firewall that stops it responding to a ping.  Or possibly that it has no route back to the source address of your ping.

If there is no ARP entry, then you ping it, then the ARP entry appears, that means the server is actually working, but the problem lies with the ping or its reply.  If the CAM table is aging out, that means the server is not very active, and has been silent for more than 5 minutes.  That behavior of the CAM table is quite normal.  If you ping somethikng, and you have an ARP entry but no CAM entry, then the switch will flood the ping to all ports.  The CAM entry will not be formed until the server replies, at which point the switch can build the CAM table entry from the server's source address.

Kevin Dorrell

Luxembourg

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card