We've been having problems with our ARP tables either being overrun with entries or entries that don't time out and relearn correctly. Either way it's caused us to be unable to manage some equipment until running "clear arp" on the 6500. After that the network relearns the ARP entries and you can once again communicate with the device. I mentioned this to another engineer and they said I might want to create static ARP entries for all of my gear to prevent this in the future. So I tried it out first by starting with one of our VoIP phone adapters. Here's what I get; I've removed the IP address since it's public.
#arp x.x.x.x 0019.cb1c.105f arpa vlan 21
Bad ARP command - Interface may only be specified when bridging IP
But if I leave off "VLAN 21" the entry is taken without error, but there still seems to be a problem because the other learned ARP entries show the correct VLAN information to the right, but my static entry does not. My VoIP adapter also seems to stop working when I configure the static ARP entry on the switch.
Internet x.x.x.x 76 001c.c465.a90e ARPA Vlan21
Internet x.x.x.x 9 0011.95bd.05c1 ARPA Vlan21
Internet x.x.x.x - 0019.cb1c.105f ARPA
Internet x.x.x.x 148 0004.f202.7780 ARPA Vlan21
Anyone have any recommendations or any clue to the behavior that I'm seeing?
Here's the configuration for the VLAN interface
description to ## Site 1 #
ip address 172.20.1.1 255.255.255.0 secondary
ip address x.x.x.x 255.255.255.128
ip helper-address x.x.x.x
no ip redirects
ip dhcp relay information trusted
Currently running version
s72033_rp Software (s72033_rp-PK9SV-M), Version 12.2(17d)SXB11a
From what I'm reading, a person only needs proxy-arp enabled if the hosts connected don't have a gateway IP configured or the devices are operating under the assumption of a flat network. Since most hosts will have the gateway information, I can't find any compelling reason that Cisco would have this enabled by default. Is this something I can disable across the board without any negative repercussions?
I may be misunderstanding your last paragraph about a static ARP entry being overwritten by an ARP message. Had you picked up from my question that I was asking if that was possible, or were you suggesting that from your past experience you had seen or heard of a static entry being overwritten by an ARP message?
In the past, during a bug analysis for the versions used in a customer network, I've seen some bugs reporting that a gratuitous ARP was even able to rewrite the ARP entry for the router LAN interface itself!
Also, there was another thread here in the forum in which, in a similar issue, static ARP entries were not able to prevent the entries from being overridden by dynamic entries.
So I'm not sure that static ARP entries can solve your issue: they may or they may not.
I think that some other device in the subnet has proxy-arp enabled and is answering ARP requests instead of the legitimate devices, or even that a PC infected with some malware is trying to make some man-in-the-middle attack.
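One way to check the hypothesis in the reply above, as an added example that is not part of the original thread: compare two saved "show ip arp" captures and flag addresses whose MAC changed, one MAC answering for several addresses (what a proxy-ARP or spoofing device looks like from the switch), and static entries shown without an interface. The function names and the sample captures are assumptions made for this illustration.

```python
import re
from collections import defaultdict

# IOS "show ip arp" row: Protocol Address Age Hardware-Addr Type [Interface]
ROW = re.compile(
    r"^Internet\s+(?P<ip>\d+\.\d+\.\d+\.\d+)\s+(?P<age>-|\d+)\s+"
    r"(?P<mac>[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\s+ARPA(?:\s+(?P<intf>\S+))?\s*$",
    re.IGNORECASE,
)

def parse_arp(text):
    """Return {ip: (mac, age, interface)}; age '-' marks a static or local entry."""
    table = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            table[m["ip"]] = (m["mac"].lower(), m["age"], m["intf"])
    return table

def audit(before, after):
    """Compare two captures; return findings as (kind, detail) tuples.
    A static row with no interface is reported because the thread's static entry looked like that."""
    old, new = parse_arp(before), parse_arp(after)
    findings = []
    for ip, (mac, age, intf) in sorted(new.items()):
        if ip in old and old[ip][0] != mac:
            findings.append(("mac-changed", f"{ip} {old[ip][0]} -> {mac}"))
        if age == "-" and intf is None:
            findings.append(("static-no-interface", ip))
    owners = defaultdict(list)
    for ip, (mac, _, _) in new.items():
        owners[mac].append(ip)
    for mac, ips in sorted(owners.items()):
        if len(ips) > 1:
            findings.append(("mac-answers-for-many", f"{mac} {','.join(sorted(ips))}"))
    return findings

# Constructed captures: RFC 5737 addresses; MACs borrowed from the thread only for format.
BEFORE = """\
Internet  192.0.2.10   76  001c.c465.a90e  ARPA  Vlan21
Internet  192.0.2.11    9  0011.95bd.05c1  ARPA  Vlan21
Internet  192.0.2.12  148  0004.f202.7780  ARPA  Vlan21
"""
AFTER = """\
Internet  192.0.2.10    2  0004.f202.7780  ARPA  Vlan21
Internet  192.0.2.11   11  0011.95bd.05c1  ARPA  Vlan21
Internet  192.0.2.12  150  0004.f202.7780  ARPA  Vlan21
Internet  192.0.2.13    -  0019.cb1c.105f  ARPA
"""
```

A "mac-answers-for-many" finding is only a lead: a router doing proxy ARP or a host with several addresses produces the same pattern, so the MAC still has to be traced to a port and identified.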