On my 3850 (running 3.3.1) i have 1600+ entries in the arp table for a given vlan but I'm not acting as the gateway for the devices connecting to it (i'm trunked to the core which is acting as the gateway but I do have ip routing enabled on my 3850). I've put the nmsp attachment suppress command on all physical interfaces to resolve another issue I was having.
Is having all these arp entries expected behavior? I've tried to delete 1 ip in the table which I knew wasn't valid but my switch seems to ignore it as the entry is still there.
The reason I ask was due to a small unicast flooding issue I seemed to have (since gone away). I was told it may have been due to the switch having an arp entry for a mac addresses it didn't know and hence was flooding the switch. The person was surprised to see so many arp entries given i wasn't a gateway for this vlan.
There is not much detail here to work with. Some information about the switch configuration would be helpful. In particular it would help if you would post the configuration of the vlan interface and the output of show ip interface vlanx.
Thanks for the additional information. I am particularly interested in this line of output
Proxy ARP is enabled
So if some device in that VLAN is sending lots of arp requests for lots of addresses (maybe around 1600) then the 3850 will respond. If you configure that VLAN interface with no ip proxy-arp does the behavior change?
That's a good question since I have no idea what proxy-arp is That's the default on the switch I guess.
What happens if I disable it? Some other router/switch will answer? If I put my 3850 as the gateway on a computer, if I leave proxy-arp disabled, will my switch ignore the arp request and another device will respond?
Just trying to understand what will break before I try it
OK. Let us start with an explanation of proxy arp. I will begin with the observation that arp is usually a function on the local network. You would not normally arp for an address that is remote from you. But sometimes devices do arp for remote addresses (frequently this is caused by misconfiguration of the device but there can be other causes). In a router or layer 3 switch whether to respond to this arp request or not is controlled by the setting for proxy-arp. (In essence should the router or switch proxy for the remote address.) Proxy arp is one thing that can generate a higher than usual level of arp activity. So if a device on the vlan 50 does send an arp request.for remote addresses what should the switch do? If proxy arp is enabled (and in general it is enabled by default - though this is beginning to change) the switch will respond to the arp request. If proxy arp is disabled then the switch will not respond.
I want to be clear that enabling or disabling proxy arp only involves arp for remote addresses. It has no effect on arp requests for addresses in the local vlan. And I will also observe that the 3850 will respond to arp requests on the local vlan whether it is set as the gateway on the computers or not.
You also ask about other devices responding to arp requests. So let us be clear that any layer 3 routing device which is on the vlan can respond to arp requests.
You ask what will happen if you disable proxy arp on the 3850. The answer is that if you disable proxy arp on the 3850 then the 3850 will no longer respond to arp requests for remote addresses. It is difficult to know whether that will have much impact. For one thing we do not know whether the core will respond to the arp for remote address or not. If the core does respond to proxy arp then there is little impact other than a possible decrease in arp activity on the 3850. If neither the 3850 nor the core respond to arp requests for remote addresses then whatever device has been sending them will experience a problem with it no longer receives an arp response.
And I will also point out that we do not know for sure that proxy arp is the issue. It is possible that something other than proxy arp is the real cause of the large number of arp entries. I am just trying to evaluate one possibility. It is certainly possible that you could disable proxy arp and there would be no effect at all.
If you issue "show running config all" command you can see all configuration lines of this switch including the default settings. Here is an example for one of the vlan interface configuration. As you can see "proxy-arp" is enabled globally & interface level by default.
3850-2#sh running-config all | in proxy
no ip arp proxy disable
3850-2#sh running-config all | be interface Vlan1410
In your case all the SVI defined & end host gets default-gateway IP correctly, there is no need for "proxy-arp" enabled on SVI. You can safely disable it (globally or interface level) and check if that help to mitigate your arp cache issue.
This is actually a pretty cool feature, i didn't even know it existed until I was looking for a solution to advertise a subnet (prefix in BGP talk), only if a certain condition existed. This is exactly what conditional advertisements does
j ai une question j ai achete un routeur cisco 887VA-k9 , je le configuré avec la configuration ci- dessous
si je le lier avec mon pc portable sur l un de ses ports directement ça marche toute est bien ( la connexion internet + m...
Attached policy provides CLI access to the Cisco 4G router over text messaging. Two files are in the attached .tar file:
2. PDF with instructions on how to load and use the .tcl file.