Cisco Support Community
Showing results for 
Search instead for 
Did you mean: 

ARP cache on a Router

consider the following scenario.

Server ----- Switch-----ASA-----Switch----Router------Customer

Now, a context on another ASA (not shown), located on the same segment as the above scenario,  is migrated to the ASA in this scenario.  IP addresses remain the same.

When the context interfaces are brought up on the new ASA, from my understanding it will send a gratuitous ARP.  the switches should see the new IP to Mac association and update thier CAM tables.  But my question is in regards to the router.

Will the router recognize the ARP and update its interface ARP table, or will it have to be cleared manually? 

My initial thought was that it will not update its ARP table and would need to be cleared manually.

If my thoughts are correct, would initiating some traffic from the Server to the Customer update the ARP table on the router?


Please remember to rate and select a correct answer
Cisco Employee

ARP cache on a Router

Hi Marius,

from the picture and your description the switch in the middle between asa and router acts a L2 only, so it does not care of the IP to MAC association as it will just care of having correct L2 table (CAM table). As a matter of fact a L2 switch does not have an ARP table at all.

About the ASA sending an gratuitous ARP, IF IT REALLY DOES THAT, the router which receives it will update the IP to MAC mapping automatically. In your case, if I understood correctly, the mapping of a  given IP address will be changing from a MAC address to another. The router receiving such gratuitous ARP is supposed to update its ARP table for that given IP address with the new MAC value.

No manual clear arp is needed, unless the gratuitous ARP is not actually sent. If this value is not updated a session between the Server to the Customer will NOT update the ARP table (as it will likely be IP traffic which does not be do be resolved as the MAC information is already in the table) and you will have either traffic black-holed (if the wrong MAC still exists in the network) or unicast flooding (if the MAC does not exist anymore on any switch).


CreatePlease to create content