
New Member

ARP Logic Question


Can anyone help me understand an issue with ARP logic? I installed a multi-context firewall and did not use the auto mac command. The router showed (for example) for the subinterfaces on the contexts:

arp ip x.x.x.30  mac xxxx.xxxx.fee1

arp ip x.x.x.31  mac xxxx.xxxx.fee1

arp ip x.x.x.32  mac xxxx.xxxx.fee1

IP traffic to the various contexts never flowed. I had to implement the auto mac command, which gave each context its own MAC. My question is, is it against the logic to have multiple IPs for one MAC? I did not think it was. Why did I have to use the auto-mac command on the firewall then? Thanks for any info....



Re: ARP Logic Question


Multiple contexts in a firewall typically divide the physical hardware into two logical devices. In order for traffic to pass from the router to either context, the router should know the layer-2 adjacency MAC and layer-3 addresses of the next hop in order to forward the packet successfully. Hence for each context you should have different layer-3 and layer-2 addresses.

You can't have the same MAC assigned to multiple IP addresses!!!



Hall of Fame Super Silver

Re: ARP Logic Question


I liked the first part of your answer. But I must disagree with the part where you say: "You can't have the same MAC assigned to multiple IP addresses!!!" You certainly can have the same MAC associated with multiple IP addresses. If you do show arp on an interface connected to a router that is doing proxy ARP, you will find multiple IP addresses all associated with the router MAC address. Or if you do show arp on an interface connected to a device that is doing address translation, you will find multiple IP addresses (the addresses being translated) associated with the MAC of the device that is doing the translation.

You are correct that in the case of this problem there is a need for a unique MAC address to identify the multiple logical entities involved. But it is not true that in general you cannot associate multiple IP addresses with a single MAC.
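
The point made in this thread, as an added example that is not from any of the posters and is not Cisco code: several IPs resolving to one MAC is a valid ARP table, but a device that picks a logical context on a shared interface by destination MAC cannot choose when every context answers with the same MAC. The addresses, MACs, context names and the MAC-only classifier are constructed assumptions for illustration.

```python
from collections import defaultdict

# Constructed sample data: documentation IPs and documentation-range MACs.
CONTEXT_OF_IP = {"192.0.2.30": "ctx-a", "192.0.2.31": "ctx-b", "192.0.2.32": "ctx-c"}

# Router ARP table when all contexts share the physical interface MAC.
ARP_SHARED = {ip: "0000.5e00.53e1" for ip in CONTEXT_OF_IP}

# Router ARP table after each context is given its own MAC.
ARP_UNIQUE = {
    "192.0.2.30": "0000.5e00.5301",
    "192.0.2.31": "0000.5e00.5302",
    "192.0.2.32": "0000.5e00.5303",
}


def ips_per_mac(arp):
    """Group an ARP table (ip -> mac) by MAC. Many IPs per MAC is legal ARP state."""
    grouped = defaultdict(list)
    for ip, mac in sorted(arp.items()):
        grouped[mac].append(ip)
    return dict(grouped)


def build_demux(arp, context_of_ip):
    """Firewall-side view (assumed model): which contexts own each MAC."""
    demux = defaultdict(set)
    for ip, mac in arp.items():
        demux[mac].add(context_of_ip[ip])
    return demux


def deliver(next_hop_ip, arp, context_of_ip):
    """Router resolves the next hop to a MAC; the firewall then has only the
    destination MAC to select a context. Returns the context name, or None
    when the MAC maps to more than one context (ambiguous, frame not delivered)."""
    dst_mac = arp[next_hop_ip]                      # router: ARP lookup
    owners = build_demux(arp, context_of_ip)[dst_mac]  # firewall: MAC -> contexts
    return next(iter(owners)) if len(owners) == 1 else None


if __name__ == "__main__":
    print("shared MAC table:", ips_per_mac(ARP_SHARED))
    for name, table in (("shared", ARP_SHARED), ("unique", ARP_UNIQUE)):
        for ip in sorted(CONTEXT_OF_IP):
            print(f"{name:6} next hop {ip} -> {deliver(ip, table, CONTEXT_OF_IP)}")
```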