Solved: Hi,Also , ASA would not show

eigrpy · ‎09-18-2015

Hi When I use my pc to trace outside ip address 8.8.8.8, I got output. The following is parts of the result. Between step 2 and 3 of following, there is a asa firewall and Nexus7k. we can get 192.30.2.2’s mac address in switch 6506 by using show arp, but we cannot get 20.17.16.2’s mac address. Do you think this is normal ? I think each device should have other end device' mac address in order to ping the device. Do you think so ?

C:\Users >tracert 8.8.8.8

1 2 ms 2 ms 1 ms 192.30.6.2

2 2 ms 1 ms 1 ms 192.30.2.2 --- switch 6506 vlan ip address

3 3 ms 2 ms 2 ms 20.17.16.2 --- edge router inside ip address

……

9 6 ms 6 ms 6 ms google-public-dns-a.google.com [8.8.8.8]

John Blakley · ‎09-19-2015

I'm not understanding your question. Are you doing show arp directly on the switch and you can see the mac address associated on the to the IP on the switch, but you can't see the 20.17.16.2 address if you do the same command on the same switch? If so, does the switch have a 20.17.16.x address as a connected route, or does it have to route to another device to get to it? If it has to route, then you wouldn't have the 20.17.16.x address in the arp table. ARP is only used on the local subnet, and anything outside of that has to route to get to it.

For example, if your workstation IP address and default gateway is:

192.168.1.100/24

gateway 192.168.1.1

If you ping 192.168.1.50, you would have an arp entry on your workstation for 192.168.1.50 and the mac address associated to it, but if you ping 10.10.10.10, you would not have one and the traffic would be sent to your default gateway.

HTH,

John

HTH, John *** Please rate all useful posts ***

View solution in original post

Vibhor Amrodia · ‎09-19-2015

Hi,

Also , ASA would not show the ASA hop would not show up by default:-

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/15246-31.html#trace

Thanks and Regards,

Vibhor Amrodia

View solution in original post

John Blakley · ‎09-19-2015

I'm not understanding your question. Are you doing show arp directly on the switch and you can see the mac address associated on the to the IP on the switch, but you can't see the 20.17.16.2 address if you do the same command on the same switch? If so, does the switch have a 20.17.16.x address as a connected route, or does it have to route to another device to get to it? If it has to route, then you wouldn't have the 20.17.16.x address in the arp table. ARP is only used on the local subnet, and anything outside of that has to route to get to it.

For example, if your workstation IP address and default gateway is:

192.168.1.100/24

gateway 192.168.1.1

If you ping 192.168.1.50, you would have an arp entry on your workstation for 192.168.1.50 and the mac address associated to it, but if you ping 10.10.10.10, you would not have one and the traffic would be sent to your default gateway.

HTH,

John

HTH, John *** Please rate all useful posts ***

Vibhor Amrodia · ‎09-19-2015

Hi,

Also , ASA would not show the ASA hop would not show up by default:-

http://www.cisco.com/c/en/us/support/docs/security/pix-500-series-security-appliances/15246-31.html#trace

Thanks and Regards,

Vibhor Amrodia

Can not see mac address ?