New Member

Duplicate Arp Entry Issue

Hi,

I am having a peculiar issue in my setup. I recently replaced my ASA 5505 (8.2.1) with an ASA 5510 (8.4.3). Everything works fine for a while, then suddenly I see that some of the servers are not reachable from the LAN. The gateway for all the servers is my switch. If I check on my Dell switch, the particular server's ARP entry on the connected port is the same as the ASA's physical MAC. If I revert to the 5505 ASA, everything goes smoothly without any issue.

Please help me out...

Karthik S
6 REPLIES
Super Bronze

Duplicate Arp Entry Issue

Hi,

Could you perhaps provide a simple picture of the network setup (old and new) and/or some configuration (minus sensitive information such as passwords)?

Are you saying that you have a L3 Switch / Router in your setup or are you talking about a normal switch?

- Jouni

New Member

Duplicate Arp Entry Issue

Hi Jouni,

ASA<=========> Dell 7048 Stack<========>Servers & Users

Server vlan 20 --- 10.20.20.0/24

Users vlan 10 --- 10.20.10.0/24

Intervlan routing enabled on the Dell L3 switch. The port connecting from Dell switch to ASA is in Vlan 20.

The old and new setups are the same; only the ASA changed.

Is there anything more you require from my side? Any suggestions?

Karthik S
Super Bronze

Re: Duplicate Arp Entry Issue

Hi,

You could try the "sysopt noproxyarp " command on the ASA.

If you are indeed seeing the ASA interface MAC address in the ARP listing of the L3 switch, it should mean that the ASA has answered some device's ARP request instead of the device itself answering the ARP request.

Or have I missed something?

- Jouni

New Member

Duplicate Arp Entry Issue

Hi Jouni,

The ARP entry on the switch which is connected to the server is showing the physical MAC address of the ASA.

I'm getting output like the below:

show arp

10.20.20.2 --- 5097.1234.1567 -- MAC address of my ASA Inside interface

10.20.20.102 --5097.1234.1567

10.20.20.120 --5097.1234.1567

Any idea?

Karthik S
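
As an added illustration (not part of the original thread), this Python sketch parses an ARP listing in the format posted above and reports which IPs resolve to the firewall's MAC, which is the symptom of the ASA answering ARP on behalf of those hosts. The function names, the fourth sample line, and treating 10.20.20.2 as the ASA's own inside address are assumptions.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format posted above. The last line and its MAC
# are made up to show a healthy entry.
SAMPLE_ARP = """\
10.20.20.2 --- 5097.1234.1567
10.20.20.102 --5097.1234.1567
10.20.20.120 --5097.1234.1567
10.20.20.50 -- 00:1a:2b:3c:4d:5e
"""

IP_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
# MAC in Cisco dotted form (aaaa.bbbb.cccc) or colon/hyphen separated octets.
MAC_RE = re.compile(
    r"\b(?:[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}"
    r"|(?:[0-9a-f]{2}[:-]){5}[0-9a-f]{2})\b",
    re.IGNORECASE,
)

def normalize_mac(mac):
    """Return the MAC as 12 lowercase hex digits, whatever the separator."""
    return re.sub(r"[^0-9a-f]", "", mac.lower())

def parse_arp(text):
    """Yield (ip, mac) for every line that contains both an IP and a MAC."""
    for line in text.splitlines():
        ip, mac = IP_RE.search(line), MAC_RE.search(line)
        if ip and mac:
            yield ip.group(), normalize_mac(mac.group())

def shared_macs(text):
    """Map each MAC that answers for more than one IP to those IPs."""
    by_mac = defaultdict(set)
    for ip, mac in parse_arp(text):
        by_mac[mac].add(ip)
    return {mac: sorted(ips, key=ipaddress.ip_address)
            for mac, ips in by_mac.items() if len(ips) > 1}

def proxied_entries(text, firewall_mac, firewall_ips):
    """IPs that resolve to the firewall's MAC but are not the firewall's own."""
    fw = normalize_mac(firewall_mac)
    hits = {ip for ip, mac in parse_arp(text)
            if mac == fw and ip not in firewall_ips}
    return sorted(hits, key=ipaddress.ip_address)

if __name__ == "__main__":
    # Assumption: 10.20.20.2 is the ASA's own inside address.
    print(proxied_entries(SAMPLE_ARP, "5097.1234.1567", {"10.20.20.2"}))
```

Run against a saved copy of the L3 switch's ARP table after clearing it, an empty result from `proxied_entries` means no host is currently resolving to the firewall's MAC.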
Super Bronze

Re: Duplicate Arp Entry Issue (Accepted Solution)

Hi,

Well, if the ASA has answered the ARP request, it probably looks like that.

Are you saying, btw, that the L3 point for both the Vlan 10 and Vlan 20 networks is on the switch BUT connections from Vlan 10 and Vlan 20 both use a Vlan 20 access port towards the ASA to use the Internet?

If the situation is as I mentioned above, have you issued the command "sysopt noproxyarp " on the ASA? If you have, have you cleared the ARP on the L3 switch?

If you are not using the ASA to provide the routing between Vlans, wouldn't it be better to have a totally different Vlan and link network to provide the connectivity towards the ASA?

- Jouni

New Member

Duplicate Arp Entry Issue

Hi Jouni,

Yes, we use both vlan 10 & 20 to use the vlan 20 access port to go to the internet.

So I will try to put sysopt no proxyarp on my inside interface and let you know.

Karthik S