Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
415
Views
0
Helpful
2
Replies

ARP Logic Question

robert.horrigan
Level 2
Level 2

‎07-28-2010 09:19 AM - edited ‎03-06-2019 12:13 PM

Hi,

Can anyonehelp me understand an issue with ARP logic?  I installed a multi-context firewall and did not use the auto mac command.  The router showed (for example) for the subinterfaces on the contexts

arp ip x.x.x.30  mac xxxx.xxxx.fee1

arp ip x.x.x.31  mac xxxx.xxxx.fee1

arp ip x.x.x.32  mac xxxx.xxxx.fee1

IP traffic to the various contexts never flowed.  I had to implement the auto mac command which gave each context its own MAC.  My question is, is it against the logic to have multiple IPs for one MAC?  I did not think it was.  Why did I have to use teh auto-mac command on the firewall then?  Thanks for any info....

Rob

Labels:
0 Helpful
2 Replies 2

Mohamed Sobair
Level 7
Level 7

‎07-28-2010 11:13 AM

Rob,

Multiple context in a firewall typically devide the physical hardware into two logical devices. In order for traffic to pass from the router to either context, then the router should know the layer-2 adjacency mac & layer-3 addresses of the nexthop in order to forward the packet succesfuly. Hence for each context you should have different layer-3 and layer-2 addresses.

You cant have the same Mac assigned to multiple IP addresses!!!

HTH

Mohamed

0 Helpful

Richard Burts
Hall of Fame
Hall of Fame
In response to Mohamed Sobair

‎07-28-2010 03:37 PM

Mohamed

I liked the first part of your answer. But I must disagree with the part where you say:"You cant have the same Mac assigned to multiple IP addresses!!!  You certainly can have the same MAC associated with multiple IP addresses. If you do show arp on an interface connected to a router that is doing proxy arp you will find multiple IP addresses all associated with the router MAC address. Or if you do show arp on an interface connected to a device that is doing address translation you will find multiple IP addresses (the addresses being translated) associated with the MAC of the device that is doing the translation.

You are correct that in the case of this problem there is a need to unique MAC address to identify the multiple logical entities involved. But it is not true that in general you can not associate multiple IP addresses with a single MAC.

HTH

Rick

HTH

Rick
0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking products for a $25 gift card