Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Arp cache update problem between router 3640 and firewall cluster

The situation is the following: I have two Cisco routers 3640 in HSRP. In the same LAN has been installed a cluster firewall (CheckPoint) for have the redundance. The problem is that when there is a swap between the two cluster nodes the router don't update his cache arp but directs always the old node mac address. If I force the cache update the problem disappears. Why the router don't update the arp table also if the cluster send an arp reply? Can be an IOS problem? Actually in the router runs the (C3640-IS-M), Version 12.1(5)T8

4 REPLIES
Bronze

Re: Arp cache update problem between router 3640 and firewall cl

Does the cluster send an ARP reply when there is a swap? The router will not send an ARP request if it already has an ARP entry in it's cache.

Does the firewall cluster have a way of sharing a MAC address as well as an IP address?

Mark

New Member

Re: Arp cache update problem between router 3640 and firewall cl

I will made some test /debugs for see what the router receives from the cluster. I don't know well how the cluster runs but when there is the swap is not it that must send a message to router for update this arp cache? What type of debug can I perform in the router? Can I check the refresh time of the arp table in the router?

Bronze

Re: Arp cache update problem between router 3640 and firewall cl

I expect that the cluster is supposed to send a promiscuous ARP reply when it swaps, but I don't know. You can do a "debug arp" in the router, but this could produce a lot of output and affect the operation of the router if the network is busy.

Is the firewall cluster using VRRP or some other method?

Mark

Bronze

Re: Arp cache update problem between router 3640 and firewall cl

If the cluster is set up right it should be using one mac address just like the hsrp routers are. No arp update is required.

357
Views
0
Helpful
4
Replies
CreatePlease login to create content