Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

sh arp does not show mac address of IP --- ASA

 

Hi Everyone,

 

I can ping the IP from the ASA but when i do sh arp it does not show me mac address od that IP.

Need to know the reason behind this.

Regards

MAhesh

2 ACCEPTED SOLUTIONS

Accepted Solutions
Hall of Fame Super Silver

Is the host reachable via a

Is the host reachable via a gateway (router)?

If so, the gateway's MAC address will show up in your arp table as the arp table is generally limited to connected broadcast domains (which equate to VLANs - generally associated with subnets).

Hall of Fame Super Silver

So your ASA should have a

So your ASA should have a route on the inside interface to internal networks. The address of that next hop in the routing table is the one you should have in your arp table allowing you to reach non-directly-connected (subnet-wise) hosts within the scope of that route statement.

Think through the logic - ASA pings a host. It needs to determine proper egress interface. It checks and asks "Is it reachable via a directly connected interface (most preferred route)?" Answer no. "Do I have a route statement telling me how to get to it?" Answer yes (otherwise use default). OK - so ASA sends packet out egress interface defined in that route statement to the next hop as defined in route statement and waits for reply.

4 REPLIES
Hall of Fame Super Silver

Is the host reachable via a

Is the host reachable via a gateway (router)?

If so, the gateway's MAC address will show up in your arp table as the arp table is generally limited to connected broadcast domains (which equate to VLANs - generally associated with subnets).

New Member

 Hi Marvin, As per NEtwork

 

Hi Marvin,

 

As per NEtwork setup the host is reachable via Switch.

Host gateway is  SVI vlan defined in switch.

When i ping host IP from ASA which mac address i should see?

SVI mac address of switch?

i checked i do not see mac address of svi vlan of switch.

Regards

MAhesh

Hall of Fame Super Silver

So your ASA should have a

So your ASA should have a route on the inside interface to internal networks. The address of that next hop in the routing table is the one you should have in your arp table allowing you to reach non-directly-connected (subnet-wise) hosts within the scope of that route statement.

Think through the logic - ASA pings a host. It needs to determine proper egress interface. It checks and asks "Is it reachable via a directly connected interface (most preferred route)?" Answer no. "Do I have a route statement telling me how to get to it?" Answer yes (otherwise use default). OK - so ASA sends packet out egress interface defined in that route statement to the next hop as defined in route statement and waits for reply.

New Member

 Thanks Marvin i got it

 

Thanks Marvin i got it.

Regards

Mahesh

1788
Views
0
Helpful
4
Replies
CreatePlease to create content