Cannot clear ARP entry

We have two Cisco 1841 routers connected to one another (via a 2950 switch). Router A is 192.168.3.4/24 and Router B is 192.168.3.8/24. Connectivity between the two is fine. My question is: when I clear the ARP on one of the routers, it automatically re-learns the MAC address for the other router. I cannot get rid of it from the ARP table, and I'm curious why. I would have thought this information would have only repopulated once I generated traffic destined to the IP?

5 REPLIES

Cannot clear ARP entry

Hi,

Clear arp on Cisco platforms does not really clear the table. What happens is that the router sends out requests for the hosts in the ARP table. This is mentioned by Elly in this thread:

https://supportforums.cisco.com/thread/160214

This can be seen below as well. I set up 3 routers in a subnet and pinged to learn the ARP. Then I cleared the ARP cache:

R1#sh arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  10.0.0.1                -   c200.2094.0000  ARPA   FastEthernet0/0
Internet  10.0.0.2                0   c201.2094.0000  ARPA   FastEthernet0/0
Internet  10.0.0.3                0   c202.2094.0000  ARPA   FastEthernet0/0
R1#debug arp
ARP packet debugging is on
R1#clear arp-cache
R1#
ARP: flushing ARP entries for all interfaces
IP ARP: sent rep src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.1 ffff.ffff.ffff FastEthernet0/0
IP ARP: sent req src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.2 c201.2094.0000 FastEthernet0/0
IP ARP: sent req src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.3 c202.2094.0000 FastEthernet0/0
IP ARP: rcvd rep src 10.0.0.3 c202.2094.0000, dst 10.0.0.1 FastEthernet0/0
IP ARP: rcvd rep src 10.0.0.2 c201.2094.0000, dst 10.0.0.1 FastEthernet0/0

You can see that a gratuitous ARP was sent first and then ARP requests were unicast to the current entries that were stored in the ARP cache. If we clear just one, then an ARP request is only sent to that address:

R1#clear arp 10.0.0.2
R1#
IP ARP: sent req src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.2 c201.2094.0000 FastEthernet0/0
IP ARP: sent rep src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.1 ffff.ffff.ffff FastEthernet0/0
IP ARP: rcvd rep src 10.0.0.2 c201.2094.0000, dst 10.0.0.1 FastEthernet0/0

Why does it work like this? I can't be 100% sure but it's probably related to CEF, the information is needed for rewrite so it should be stored whenever available.

Daniel Dib
CCIE #37149


Cannot clear ARP entry

Perhaps we have an issue of semantics, but I wonder about your statement that Cisco "does not really clear the table". Your test shows very clearly that Cisco is clearing out all the dynamic entries in the ARP cache

R1#clear arp-cache
R1#
ARP: flushing ARP entries for all interfaces

and then Cisco immediately attempts to relearn the entries that had been in the table.

If your interpretation of "clear the table" is that it should result in an empty table, then we can agree that this does not happen. But my interpretation of "clear the table" is to remove all of the existing entries, and Cisco does do that. The importance of this is that if some devices have gone out of service, then their ARP entries will not be relearned. But for devices which are still active in the network, the Cisco router is ready to forward traffic to them as it is received. If it did create an empty table, then it would not be able to forward a packet to a host until its ARP entry was learned, since if the router does not have a MAC address to put into the destination MAC address field it cannot forward the packet and will have to drop it.
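Added example, not part of any post in this thread: a Python parser for `debug arp` output in the format quoted above, reporting which previously cached entries were re-learned after a clear and which were not (the out-of-service case described in the post above). The sample text is constructed, with 10.0.0.3 made silent, and the function and field names are this example's own.

```python
import re

# Constructed sample in the format of the `debug arp` output quoted in the thread.
# 10.0.0.3 is deliberately left without a reply to model a host that went out of service.
SAMPLE_DEBUG = """\
ARP: flushing ARP entries for all interfaces
IP ARP: sent rep src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.1 ffff.ffff.ffff FastEthernet0/0
IP ARP: sent req src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.2 c201.2094.0000 FastEthernet0/0
IP ARP: sent req src 10.0.0.1 c200.2094.0000,
                 dst 10.0.0.3 c202.2094.0000 FastEthernet0/0
IP ARP: rcvd rep src 10.0.0.2 c201.2094.0000, dst 10.0.0.1 FastEthernet0/0
"""

# Sent events wrap onto a second line and carry a destination MAC;
# received replies are on one line and have no destination MAC.
EVENT = re.compile(
    r"IP ARP: (sent|rcvd) (req|rep) src (\S+) ([0-9a-f.]+),\s+"
    r"dst (\S+)(?: ((?:[0-9a-f]{4}\.){2}[0-9a-f]{4}))? (\S+)"
)

def refresh_report(debug_text):
    """Summarise one clear/refresh cycle seen in `debug arp` output."""
    probed, replies, gratuitous = {}, {}, False
    for direction, kind, sip, smac, dip, dmac, _ifc in EVENT.findall(debug_text):
        if direction == "sent" and kind == "rep" and sip == dip:
            gratuitous = True          # router announcing its own address
        elif direction == "sent" and kind == "req":
            probed[dip] = dmac         # unicast probe to the MAC that was cached
        elif direction == "rcvd" and kind == "rep":
            replies[sip] = smac
    answered = [ip for ip in probed if ip in replies]
    return {
        "gratuitous": gratuitous,
        "relearned": {ip: replies[ip] for ip in answered},
        "not_relearned": sorted(ip for ip in probed if ip not in replies),
        # Reply MAC differs from the previously cached MAC: worth a closer look.
        "mac_changed": sorted(ip for ip in answered if replies[ip] != probed[ip]),
    }

if __name__ == "__main__":
    print(refresh_report(SAMPLE_DEBUG))
```
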

Cannot clear ARP entry

Yeah, what I meant to say is that people expect the cache to be empty after clearing it and that it will populate itself when traffic is sent. However the way Cisco implemented it is to refresh the entries.

The only way of totally clearing it is to shut down the interface, I believe.

Daniel Dib
CCIE #37149


Cannot clear ARP entry

Yes I agree. I have had similar discussions with people before who get confused because the show arp after the clear command looks so similar to the content of show arp before the clear. So they tend to think that Cisco did not do anything. But your test was very clear in showing that the existing entries are flushed and then are learned over again.

Some people do expect the arp table to be empty after clearing. And that would make sense for a host in the network. But if you think about how a router works it is not able to forward traffic until it has an entry in its arp table for the destination. So it would degrade service on the network if the router had to learn the entries one at a time as traffic arrives.

Yes, the only way to prevent the router from re-learning ARP entries is to shut down the interface (and if you shut down the interface then you do not need the clear command).

HTH

Rick

You can also use the command

You can also use the command "clear ip arp", which clears the ARP table without sending the gratuitous ARP messages. You will see this has more effect as it takes longer to re-learn the ARP entries.
